Key Isolation Features in Mac OS X

By: switchtoamac at: 12:14 AM on May 10, 2006 | Comments (19)

Aside from an awesome user interface and a great underlying architecture, Apple built OS X with security in mind.  As part of that central security theme, OS X has been designed using three key isolation features:

  • System Isolation
  • User Isolation
  • Memory and Application Isolation

System Isolation

System isolation means that, by default, the inner core of the operating system is kept separate from users and other programs.  In practice, users and programs cannot access the inner workings of OS X without the computer's administration password.  The administration password is assigned to the user who set up OS X on the machine, the so-called Administrator.  When you purchase a new Mac, you are guided through a program called the "Setup Assistant" that creates an Administrator account and its associated Administrator password.  For daily computing activities, users of OS X should use what is referred to as a "Normal" account, a less privileged user in OS X.  I will provide a write-up of the Setup Assistant in a future post.

An advantage of this System isolation design is that a Mac is inherently protected from malware, spyware, viruses, and potential intruders.  In February 2006, news hit the wires that alluded to the first Mac virus.  The media and those who didn't know better were quick to report that OS X was now vulnerable to the same problems that plague Windows.  The program relied on “social engineering”: it was not self-propagating and required help from the computer user in order to work.  Specifically, the program required users to enter the Mac OS X administration password.  This fact alone demonstrated that the OS X architecture is safe, because the program wasn't able to do anything on its own.  It's just common sense not to enter the administration password simply because a program requests it.  This protection is in stark contrast to the Windows platform, where a simple visit to a website or a download can compromise the system.  In many cases, Windows users are unaware that a program has found its way onto the computer without their consent.  Check out this great read outlining the major problems with Microsoft's Internet Explorer browser.

Windows users find that over time, their computer doesn't seem to run as fast as it did when it was brand new.  Why does this strange behavior occur?  The problem has its root in bad design.  The Windows System folder (directory) can become a dumping ground for junk left behind by programs and other things.  The OS X System folder (directory) does not suffer from this problem because programs can't access the OS X system level directories by default.  As a result, junk is not left behind by programs and other things.  There is also a difference with software installations between Windows and OS X.  With most Windows based programs, a user has the option to install the program in whatever directory/folder he or she chooses.  On a Mac, installed software ends up in the "Applications" directory (folder).  This "one place for all" implementation keeps OS X more secure, stable (crash resistant), organized, and helps the system run optimally.  If by chance an installed program needs to add system level support files in order to operate, those files do not go into the OS X System folder, instead they go into the "Library" folder.

There are actually three different locations of Library folders on OS X all under the Macintosh HD (hard drive):

  • /System/Library
  • /Library
  • /Users/<short name of user>/Library

The /System/Library folder holds the essential inner and restricted files that OS X needs to operate.

The /Library folder contains files available to ALL users and applications running on OS X.  For example, fonts and printer settings.  This folder can be modified by the Administrative user.  This is the folder where third-party software and applications place the support files that they need to operate.

The /Users/<short name of user> directory is discussed in the next section, User Isolation.  Note that unless you know what you're doing, do not alter the content in the Library folders.
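To make the boundary between the three Library folders (and /Applications) concrete, here is an added example, not code from the original post, that classifies a location by the broadest class of account able to write to it and, when run on a Mac, audits the real directories. The gid values for the `staff` (20) and `admin` (80) groups are assumed defaults; on another system they may differ.

```python
"""Audit who can write to the isolation boundaries described above.
Added example; the staff/admin gids below are assumed macOS defaults."""
import os
import stat

STAFF_GID = 20   # assumption: default primary group of every macOS user
ADMIN_GID = 80   # assumption: gid of the 'admin' group (Administrator accounts)


def classify(mode, owner_uid, owner_gid):
    """Label a location by the most permissive class of account that can
    write to it.  The checks run from broadest to narrowest, so the first
    write bit that applies decides the label."""
    if mode & stat.S_IWOTH:
        return "world-writable"
    if mode & stat.S_IWGRP and owner_gid == ADMIN_GID:
        return "admin-writable"            # e.g. /Library, /Applications
    if mode & stat.S_IWGRP:
        return f"group-writable(gid={owner_gid})"
    if mode & stat.S_IWUSR and owner_uid != 0:
        return f"owner-writable(uid={owner_uid})"   # e.g. ~/Library
    return "root-only"                     # e.g. /System/Library


def audit(paths):
    """stat() each path that exists and return {path: label}.  Missing
    paths are skipped, so the function also runs on a non-Mac system."""
    report = {}
    for p in paths:
        try:
            st = os.stat(os.path.expanduser(p))
        except FileNotFoundError:
            continue
        report[p] = classify(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return report


# The locations the post discusses, plus the per-user Preferences folder.
LOCATIONS = ["/System/Library", "/Library", "~/Library",
             "~/Library/Preferences", "/Applications"]

if __name__ == "__main__":
    for path, label in audit(LOCATIONS).items():
        print(f"{path:24} {label}")
```

Pointing `audit` at the contents of /Applications as well shows a subtlety raised in the comments: a bundle copied there by an Administrator account is owned by that account and therefore classifies as owner-writable rather than admin-writable.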

Hence, system isolation is a key feature of Mac OS X that separates and protects the core of the operating system from applications and users.

User Isolation

Each user is separate from the other users in OS X, as each user has a "Home" directory.  For example, if a system had the users "switchtoamac" and "getamac", the following Users directories would be created:

/Users/switchtoamac
/Users/getamac

As a result, the files created and stored by "switchtoamac" will be inaccessible to "getamac" and vice versa.  A user's Home directory is only accessible by the user that is currently logged into OS X.  Note, however, that in addition to accessing its own Home directory, the OS X Administrator can access the Home directory of each individual user on the system, but the Administrator will still have to type the password to get such access.  The Administrator is not the so-called "superuser", referred to as root.  A future post will describe the root user.  Each user's "Home" folder can store documents, files (including pictures, music, etc.), settings, and program caches such as cached pages and cookies in Safari.  Some benefits of this implementation are easy backups, user experience, and customization.  Backups are a breeze: if a user wants to back up their documents and settings, all they need to do is back up their Home folder.  Mac users can customize their computing experience as they see fit.  Each user's settings only apply to that specific user; other users will not be impacted.  An additional benefit is that users, to some degree, can customize how software will work under their account.

Each user also has his or her own Library directory.  The /Users/<short name of user>/Library folder is user specific.  This Library folder holds files and settings specific to an individual's preferences, recent items, web site bookmarks, Address Book entries, keychain, and so on.

Just about every Mac OS X application can be customized via each application's preferences settings.  Whenever a setting is altered, Mac OS X updates the application's preferences file.  These files are identified with a .plist extension.  When the application launches, OS X checks the preferences file to determine how to set the application for the user.  OS X maintains a separate preferences file for each application and each user.  For example, each user has his or her own plist file for Safari stored in the following area:

/Users/switchtoamac/Library/Preferences/com.apple.Safari.plist
/Users/getamac/Library/Preferences/com.apple.Safari.plist

User isolation is a great feature that Mac OS X uses to separate users from other users.

Memory and Application Isolation

Apple designed OS X to run applications in isolation.  There are two major benefits of this feature: Memory Management and Application Isolation.

The UNIX underpinnings of OS X provide a clean, modern, and efficient memory management system.  Mac OS X implements “Protected Memory”, a memory management feature that gives each running application its own unique space (chunk) in the computer's memory (RAM).  The benefit of this implementation is that OS X prevents the sharing of memory between applications.  In other words, a particular running application cannot use the memory used by another running application and, most importantly, an application cannot access the memory used by the operating system.  This isolation provides an inherent crash-resistant safety feature to OS X: if an application becomes unstable, unresponsive, or crashes, the Mac doesn't need to be restarted.  All that needs to happen is that the application is shut down or terminated.  The benefit is that the operating system and other running applications will not be affected.  Windows users are accustomed to an application locking up and having a domino effect on the entire system.  In many cases, Windows will stop working, the system will crash, or a reboot will be required.
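The two claims above, that one program's writes are invisible to another and that a crashing program does not take others down, can be observed directly with two processes. This is an added example, not code from the original post; it relies on `fork()`, which exists on OS X and other Unix systems (it does not run on Windows).

```python
"""Added example: each process gets its own address space, so a write in
one is invisible to another, and a crash in one is contained to it."""
import os
import signal


def separate_address_spaces(initial=42, child_value=99):
    """Fork; the child overwrites its copy of a list cell and exits with
    the value it saw.  The parent waits and returns (parent's value,
    value the child saw).  If memory were shared between the two
    processes, the parent would see child_value instead of initial."""
    cell = [initial]
    pid = os.fork()
    if pid == 0:
        cell[0] = child_value               # modifies the child's private copy only
        os._exit(cell[0] & 0xFF)            # report what the child saw via exit status
    _, status = os.waitpid(pid, 0)
    child_saw = os.WEXITSTATUS(status)
    return cell[0], child_saw               # -> (42, 99) with the defaults


def crash_is_contained():
    """Fork a child that deliberately dies from a fatal signal (a simulated
    crash).  The parent keeps running and returns True if the child was
    terminated by SIGSEGV, i.e. the crash stayed inside the child."""
    pid = os.fork()
    if pid == 0:
        signal.signal(signal.SIGSEGV, signal.SIG_DFL)   # make sure no handler intercepts it
        os.kill(os.getpid(), signal.SIGSEGV)            # simulate the child crashing
        os._exit(1)                                     # not reached
    _, status = os.waitpid(pid, 0)
    return os.WIFSIGNALED(status) and os.WTERMSIG(status) == signal.SIGSEGV


if __name__ == "__main__":
    parent_value, child_value = separate_address_spaces()
    print(f"parent still sees {parent_value}; child saw {child_value}")
    print("crash contained to the child:", crash_is_contained())
```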

Apple designed OS X to allow applications to be provided to OS X users as an application bundle (packaged unit) or packaged with an installer.  An application bundle contains all the essential files to allow the program to run.  This makes a bundled application's installation and removal a breeze.  All you do to install the program is drag the application's icon to the Applications directory (/Applications).  Each application will get its own folder/directory in the /Applications directory allowing each application to be isolated from the other applications in the /Applications directory.  To un-install the program, you grab the icon and drag it to the trash bin.

Some applications rely on an installer to install the program.  For example, Apple's Final Cut Pro software uses an installer to install the application.

By having all applications in the /Applications directory, additional benefits can be realized.  For example, you will be able to easily move your applications to a new Mac by using the OS X "Migration Assistant" or upgrade to a new version of OS X by using the "Archive and Install" option.

System Isolation, User Isolation, Memory and Application Isolation are key features that contribute to a more enjoyable experience for Mac OS X users.  For those interested in using the most modern, secure, and stable operating system available on the market, use a Mac.

Updates:

May 11, 2006:

  • Clarified password requirement for Administration account
  • Clarified information about Application installations
  • Added information about the "root" user
  • Corrected typos

July 3, 2006:

  • Added links to posts about Setup Assistant and Root account

19 Reader Comments

Personally, I find just switching between apps under Win XP painfully slow a lot of the time. OSX does a much better job with that.

With regards to OSX's file system-- HFS+-- it gets some criticism because some file systems are faster. In my mind, I like the user-friendliness of HFS+, and I hope Apple sticks with it instead of switching (as some have proposed) to Sun's ZFS or the like.

Great article, bookmarking it now :)

ZFS is just as user friendly as HFS+ and has more next-gen features. Sun is smart to bring a filesystem to the market that won't be needed for another 5-10 years. Why? It will have 5-10 years of polish. Plus ZFS has the potential to unify all the Unix/Linux-based OSes onto one super-polished file system.

This is my only beef with open source. Instead of coming out with millions of small start-up ideas with limited or no resources, communities need to band together and polish 1 or 2 projects with better resources to draw on. I'm talking about projects that can be universal (like a file system which can be used by anybody and picks no favorites) and not OS/Distros.

I applaud Linux community in their effort to create a standard api across OSes which KDE and Gnome are both supporting.

If Apple adopts ZFS, they can contribute to the open source community without affecting the overall mac experience.

There's a slight error in clarity here, as the setup assistant (on first startup) indeed creates an admin, but that admin is not the same as the System Administrator or "root" and does not have access to anyone else's user folders by default, as seems to be implied. Only the root user can do that, and that user must be explicitly enabled first and assigned a "non-trivial" password. Yet another excellent layer of protection isolation.

At the end of the day each OS has its own features and shortcomings.

To UNIX/linux users such as me this rant is funny as all the features you describe here are directly lifted from UNIX type systems :)

Nowadays, I do not see much difference from Apple's Mac to Intel's PC. The differences between them is getting so thin that each respective operating system can be installed to run on either hardware. The uniqueness of Mac is about to be lost in some years to come.

If OS-X is that stable why is e.g. QuickTime Player able to lock down the whole desktop when it doesn't find a codec?
Why is it not possible to just immediately kill a process? (except using the command line?)

I started with an Amiga and never really liked Windows. I feel far closer to Linux/Unix than to Windows but I have to use it on a daily basis. With all respect, but the usability of OS-X is lousy in my point of view, it's far more patronizing than I like it.

"To UNIX/linux users such as me this rant is funny as all the features you describe here are directly lifted from UNIX type systems :)"

It wasn't "lifted." OS X IS a unix type system. A direct descendent of BSD in fact.

It would be nice if someone also highlighted the limitations of the unix 'one owner' 'one group' issues and the lack of easy to use and configure ACLs in OS X (client).

OS X has a multitude of major issues related to permissions, etc when multiple users are added to the mix. That function of 'isolation' is hardly a benefit.

OS X stands as the best HOME OS and is not more than an albatross in an enterprise where management is key.

Compare OS X and Open Directory to XP and Active Directory and the same tasks that are native to AD become major undertakings to get OS X to play nice in the enterprise.

I don't see the article saying that applications must be installed in the /Applications folder.

My take is that the author is saying that there is an advantage by placing applications in that folder when it comes to upgrading or backing up.

Lovely article. I agree with osxisking, however, it would be nice if someone outlined the limits.

Thanks :)

On OS X, the Applications folder and everything in it is writable by the user, so applications can modify each other without the knowledge or authorization of the user. Because of this, the OS X security model is intrinsically inferior to the Linux security model.

In addition to deficiencies in the security model, OS X is also less secure than Linux because Apple is extremely slow to patch vulnerabilities. Right now, there are still a number of unpatched, critical vulnerabilities including at least one that facilitates privilege escalation. Privilege escalation vulnerabilities make it possible to circumvent the password requirement.

If you want real security, use a real UNIX or Linux distribution, don't use OS X.

While I won't claim that Windows is more secure than OSX, some of your claims are a bit skewed.

First, most of the popular Windows installers offer the choice to install software wherever a user chooses, but the default is almost always C:\Program Files. This is basically the equivalent of OSX's "Applications" folder. In my case, I prefer being given the choice of where to install my programs, and making the installation path unchangeable isn't necessarily a good thing.

Second, Windows has used a protected memory model since NT (which includes 2000, XP, and any version since XP). Windows ME was the last version that used the old memory model, and it's regarded as one of the worst versions of Windows ever. All modern versions of Windows, however, isolate programs in memory just as you say OSX does. Very few program crashes are capable of bringing down the system; most that do are a result of programs revealing glitches in hardware drivers, a weakness shared by all major OS's.

Third, Windows isolates user files just as OSX does. Or rather, it offers this isolation. When programs are written properly, they will be isolated between users, storing preferences specific to each user in C:\Documents and Settings\ or in the user-specific section of the registry. Windows restricts access to each user's directory and each user's registry to that user; only administrators can access other users' information. Of course, the weakness of this model is that programs are not forced to store user-specific preferences in each user's area, but that requirement doesn't exist in OSX either - it's just more common that OSX programmers do this properly.

Most of the problems with Windows involve the massive collection of applications that were built using old paradigms (mainly the idea that a computer was not networked and was only used by one person) and Windows' backward-compatibility with those programs. Whereas OSX emulates OS9 for older programs, Windows executes them seamlessly. Almost all the OSX features you mention exist in Windows, but Win32 programmers often write code that relies on deprecated features of Windows, making it even harder for MS to remove those features permanently. Apple, instead, started nearly from scratch with OSX and broke many old apps, which improved the OS but greatly limited its backward compatibility. MS does not yet have that luxury, but they (OSX and Windows) are very close to the same point.

You *can* install applications anywhere you want to with OS X. You are not restricted to the Applications folder. It does, however, make it easy to find applications when they're installed in one place instead of all over God's creation as on a Windows computer.

Any application that has Ring 5 or greater access on a Windows machine has the possibility (probability) of bringing the machine down. Not just crashing the application space, like on OS X, but the entire machine.

Yes, Microsoft agrees that much of Windows instability can be directly attributed to third-party drivers. However, since OS X rarely needs drivers -- most drivers are included -- the likelihood of a poorly-written driver causing a kernel crash is greatly reduced in OS X.

If Microsoft would draw a line in the sand like Apple has done and stopped worrying about how ancient applications, drivers, and utilities will run, Windows would be much more compact and stable.

-Aaron-

Ahhh, the beauty of a UNIX type OS! You GOT to love it or be an idiot!

Macs rock.

The Mac to Linux comparisons are annoying. Apple is not trying to market their computers to anybody who knows the difference and prefers Linux. OS X is a commercial desktop product; it exists to let customers use their Macs easily and safely. That's it. They're not trying to grab every segment of the market like Microsoft. If you think Linux is better, then use Linux. Who cares? Just use what you like. What is OS X supposed to do? It's there to run my Mac, let me install apps, let me run those apps quickly and safely, and let me just do my work and not spend hours maintaining the underlying system. Linux users are like car mechanics; they know the good cars and are willing to open the hood and tweak it as often as needed to get the best performance. Me, I just drive a Subaru -- I turn it on, it takes me where I need to go, it's safe and I don't need to open the hood.

Awesome blog. Peace out until next time TabathaOster

Mac OS X is the most commonly used version of Unix - based on BSD Unix.

Seg: "On OS X, the Applications folder and everything in it is writable by the user, so applications can modify each other without the knowledge or authorization of the user."
This is untrue. You have to input your Administrator password in order to add/modify/delete anything in the Applications folder at least if you use your computer as a normal user (and you should as that is basic security measure). Unlike Windows with Program Files...
