OS X Exploits and Defense

Product Description

Threats to Macintosh's OS X operating system are increasing in sophistication and number. Whether it is the exploitation of an increasing number of holes, use of rootkits for post compromise concealment or distributed denial of service, knowing how the system is vulnerable and how to defend it is critical to computer security. This book brings all this information together, providing a solid basis to help you succeed in protecting your organization from risk.

* Cuts through the hype with a serious discussion of the security
vulnerabilities of the Mac OS X operating system
* Reveals techniques by which OS X can be "owned"
* Details procedures to defeat these techniques
* Offers a sober look at emerging threats and trends
Product Details

* Amazon Sales Rank: #1258784 in Books
* Published on: 2008-04-25
* Original language: English
* Number of items: 1
* Binding: Paperback
* 400 pages

Editorial Reviews

About the Author
David Harley (BA, CISSP) has written or contributed to over a dozen security books, including Viruses Revealed and the forthcoming AVIEN Malware Defense Guide for the Enterprise. He is an experienced and well-respected antivirus researcher, and he also holds qualifications in security audit (BS7799 Lead Auditor), ITIL Service Management, and medical informatics. His background includes security analysis for a major medical research charity and managing the Threat Assessment Centre for the U.K.s National Health Service, specializing in the management of malware and e-mail security. His Small Blue-Green World provides consultancy and authoring services to the security industry, and he is a frequent speaker at security conferences.
Customer Reviews

not recommended1
I ordered this one too fast, few days later first reviews were available and like them I can't recommend this book. too fragmented information without structure, looses the focus of other books covering same topics, its more a bunch of stories and scenarios around apple macs in history

Disorganized and lacking depth2
OS X Exploits and Defense suffers from a number of problems. The organization is totally random. Each author's chapters are unrelated to the others, and there's no real progression. The description of the book seems to be more advanced, targeted at people who write exploits and do system level hardening, but the actual content is mostly beginner-oriented. The writing is poor and in need of some good editing and proofreading.

Here's a description of the first 5 chapters.
Chapter 1:
Macintosh OS X Boot Process and Forensic Software.
2 pages of introduction. 2 pages of describing the boot process, which mainly consists of "There is this thing called EFI and xnu, and here are some keys that you can press during boot to do stuff". It mentions that you can boot off a CD to reset the password, but doesn't mention setting a firmware password. 10 pages describing third party forensic software, which didn't really seem to have any relation to booting, so why are they in the same chapter?

Chapter 2: Past and current threats
A few pages on how some people think OS 9 was invincible, but it really isn't. A few pages on how buffer overflows are exploitable on OS 9, and demonstrating an overflow (but not an exploit) in Eudora for OS 9. First, who cares about OS 9? Second, of course buffer overflows are exploitable on OS 9. Why would anyone devote any time to this?

The chapter moves on to OS X, which is a lot more interesting. It describes some old vulnerabilities. Then there are sections on Unicode exploits, exploiting PowerPC binaries on Intel, and exploiting Wine-based Windows applications. All are interesting and relatively novel, although they are light on explanation and heavy on uncommented gdb output. There is some discussion of tricks that malware can use to hide itself, and some discussion of exploit techniques. Aside from the OS 9 content, this whole chapter was good.

Chapter 3: Malicious Macs: Malware and the Mac
It describes different types of malware, and specific instances of malware that have been targeted at old versions of Mac OS, as well as Mac OS X. It devotes a lot of time to arguing that malware can affect Mac OS X, and has. Which is true, but to any security-minded reader that should already be obvious, so I don't know what the point is. We all know idiot Mac users who think they're invincible, but they don't read books like this.

Chapter 4: Malware detection and the Mac
There's some discussion of whether or not anti-malware software is needed on the Mac, a brief discussion of malware detection techniques, and an overview of some available anti-malware software. All of this is fine, but it's at a low technical level suitable for an end user trying to decide what anti-virus program to buy. It doesn't fit with the book's marketed demographic.

Chapter 5: Mac OS X for Pen Testers
This chapter covers:
Running Terminal, running perl, installing and using CPAN, X11, compiling open source programs, an overview of open source security programs. There's a 6 page section on how to build Wireshark. The intended audience for this is again at a very rudimentary skill level.

This book's main problem is that it lacks focus, which might have something to do with the fact that it has 5 authors. It's all over the place in terms of the topics, and the intended audience. I think there are some people who might like any given chapter, but few who would want to read the whole thing. And there is very little content in the book that is novel, that you couldn't find just by Googling. I have higher hopes for "The Mac Hacker's Handbook" by Charles Miller and Dino Dai Zovi, which hasn't been released yet, so we'll see.