This paper concentrates on the Mac and iPhone operating systems. It gives a brief introduction to the history of the Mac and the iPhone (OS X) and briefly covers iPhone security. After that, it looks at the enhanced security features of the Mac operating system and the iPhone operating system, and explains viruses, worms and spyware on both operating systems. Studying the differences between the Mac and the iPhone gives a better understanding of the security features in both operating systems, especially since the iPhone operating system is a subset of Mac OS X.
Mac OS started its life in 1984 on the original 128KB Macintosh as a mouse-operated graphical operating system that, due to memory constraints. In 1988 Mac OS started to support multitasking. In the mid-90s, Apple ended up having a ten-year-old code base designed for a single-tasking system on a Motorola 68000 that now ran on PowerPC CPUs. Apple finally decided to buy NeXT, the company Steve Jobs had founded just after having left Apple in 1985, and to convert NEXTSTEP/OpenStep into the next Mac OS X. The NEXTSTEP operating system was heavily based on Mach. As one of the first microkernels, it only included code for memory management (address spaces, tasks), scheduling (threads; a concept unknown to UNIX at that time) and inter-process communication (IPC) - all other functionality typically found in an operating system kernel, like filesystems, networking, security and device drivers, had to be implemented in so-called "servers" in user space. The typical configuration of a Mach operating system was to have a single BSD server in user mode, i.e. the majority of the BSD kernel with memory management and scheduling stripped out, and process management built on top of Mach tasks. The problem with the Mach design was that the kernel was slower than a traditional monolithic kernel because of the extra kernel/user context switches when a server communicated with the kernel or servers communicated with each other. The Mach memory management code was later integrated into BSD.
Apple's iPhone has been the fastest-growing smart phone since its release on June 29, 2007. Its release was one of the most heavily publicized events in the history of mobile electronics devices. Thousands of people lined up outside Apple stores prior to its release. The iPhone uses the ARM 1176JZF-S processor, which offers good power management for superior battery life and powerful processing for 3D graphics. Further details regarding this processor are available on the ARM product website. Apple and AT&T signed a contract according to which iPhones can only be used with AT&T wireless service for the first two years.
2. OS X Architecture
Mac OS X is the outcome of improving the traditional Mac OS and the promising NeXT-based system, Rhapsody. Some theories hold that OS X originated from both NEXTSTEP and OPENSTEP, but Mac OS X is actually built on a rock-solid UNIX foundation and is regarded as a safe, innovative, simple and amazing operating system. OS X takes full advantage of 64-bit, multicore processors and GPUs to obtain the highest possible performance. In addition, the OS works with the hardware efficiently to maintain long battery life: by spinning down the hard drive when it's inactive, by intelligently deciding whether the CPU or GPU is best for a task, and by automatically dimming the screen in low-light conditions. As a result of this integration, software and hardware work well together. Furthermore, Mac OS X is designed for the internet era. Several technologies, accompanied by a large number of safe security configurations, detect dangerous threats and deliver frequent security updates, so users need not worry about complex settings.
2.1 Layers of OS X
Darwin is one of the pieces of software that constitute Mac OS X and are grouped into logical layers (2). This layer can be described as a set of technologies and is composed of more than 250 packages, including the Mac OS X kernel and many drivers; the others derive from BSD, GNU, etc. Many software packages integrated with the system (apache, bind, binutils, cvs, gcc, gdb, gimp_print, kerberos, mysql, openssh, openssl, pam, perl, postfix, ppp, python, rsync, samba, and many more BSD/GNU/other packages) are all part of Darwin.
XNU: The Kernel
The Mac OS X kernel layer is called XNU and is composed of two major sections: Mach and BSD. Mach is the main element of the code that forms XNU, and its architecture dates from the mid-1980s. Many low-level features come from XNU's Mach component, such as preemptive multitasking, protected memory, virtual memory management, inter-process communication, interrupt management, real-time support and console I/O. The second section of XNU is BSD. This component uses FreeBSD as its initial reference codebase. BSD is responsible for the process model, user IDs, permissions, basic security policies, various synchronization mechanisms and other features.
The Core Services layer sits above the kernel, and its most essential parts are the CoreFoundation framework and the CoreServices framework. The core services include a variety of non-GUI system services, including APIs for controlling threads and processes, resources, virtual memory and filesystem interaction. The services are:
- CarbonCore: the core part of Carbon, which is an important branch of the Mac OS and Mac OS X APIs.
- CFNetwork: an API for user-level networking that covers many protocols such as FTP and HTTP.
- OSServices: a framework that groups many system APIs.
- SearchKit: a framework for multiple language searching and browsing.
- WebServicesCore: APIs that make use of Web Services through SOAP and XML-RPC.
- CoreFoundation: contains a large number of services, such as URL access and XML parsing.
iPhone architecture layers
iPhone OS is considered one of the simplest operating systems because of its easy and uncomplicated design. Still, an accurate understanding of the iPhone OS architecture diagram is needed to recognize what each part actually does. Each layer is explained below:
- Application: This layer is compiled to native code by the Apple-distributed iPhone compiler and linked with the Objective-C runtime and C library by the linker. It runs in the userspace environment set up by the iPhone OS.
- Frameworks/API: This layer consists of Cocoa Touch and upper-level OpenGL calls, which are Apple-distributed headers shipped with the iPhone SDK, in addition to some active links.
- Objective-C runtime: This layer is composed of the Objective-C dynamically linked runtime libraries and the principal C libraries. The C library establishes the environment for the Objective-C runtime, so both are included in the same layer.
- iPhone OS: The kernel, drivers and services that form the iPhone operating system. It can also be called iPhone OS X or OS X, and it sits between userspace and hardware.
- Processor: The ARM instruction set and the interrupt descriptor table as set up by the iPhone OS during boot and driver initialization.
- Firmware: The chip-specific code that is either integrated with memory in or around the peripheral itself or provided via the driver for that peripheral.
- Hardware: The physical chips connected to the iPhone's circuitry. The real processor belongs to this layer, but its instructions and descriptors are covered by the processor layer.
3. Overview of iPhone security
The iPhone can strongly encrypt data in transmission, and it can also encrypt the data stored on the phone. When considering the security of the iPhone for enterprise use, it is helpful to understand the following:
This policy will prevent unauthorized users from accessing data which is stored on the iPhone. The iPhone also provides secure protection through the use of passcode policies, which can be enforced and delivered over the air. If the device falls into the wrong hands, users and IT administrators can initiate a remote wipe command to help ensure that private information is erased. By using the policy, we can specify the period of time after which the passcode must be changed, and we can specify the type of passcode enforcement.
The policies described above can be set on the iPhone in two ways. First, when the iPhone is configured to access a Microsoft Exchange account, the Exchange ActiveSync policies are pushed to the phone over the air, so the policies can be enabled without any action from the users. Second, policies can be distributed as part of a configuration profile for users to install. The profile can be deleting the passcode or locked the device.
Secure Device Configuration
Configuration profiles are XML files that contain device security policies and restrictions, VPN configuration information, Wi-Fi settings, email and calendar accounts, and authentication credentials that permit the iPhone to work with enterprise systems. Configuration profiles can be both signed and encrypted. Signing a configuration profile ensures that the settings it enforces cannot be altered in any way. Encrypting a configuration profile protects the profile's contents and permits installation only on the device for which it was created. Configuration profiles are encrypted using CMS (Cryptographic Message Syntax, RFC 3852), supporting 3DES and AES 128.
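Because a configuration profile is an XML property list, its passcode policy can be reviewed before it is distributed. The following is an added example, not part of the original paper: the sample profile is constructed, the key names are those of Apple's passcode-policy payload, and the thresholds `min_length` and `max_age_days` are assumed organisational values.

```python
import plistlib

PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"

# Constructed sample profile (not from the paper): an unsigned, unencrypted
# XML profile carrying one passcode-policy payload. Values are illustrative.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.demo-profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>allowSimple</key><true/>
      <key>minLength</key><integer>4</integer>
    </dict>
  </array>
</dict>
</plist>
"""


def load_profile(data: bytes) -> dict:
    """Parse an unsigned profile; refuse anything plistlib cannot read."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:
        # Signed or encrypted profiles are CMS envelopes, not bare plists.
        raise ValueError("not a plain plist; unwrap the CMS envelope first") from exc
    if not isinstance(profile, dict):
        raise ValueError("top-level profile object must be a dictionary")
    return profile


def audit_passcode_policy(data: bytes, min_length: int = 6, max_age_days: int = 90):
    """Return (key, message) findings for the passcode payloads of a profile.

    min_length and max_age_days are assumed thresholds, not Apple defaults.
    """
    payloads = [p for p in load_profile(data).get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not payloads:
        return [("PayloadContent", "no passcode policy payload in profile")]
    findings = []
    for p in payloads:
        if not p.get("forcePIN", False):
            findings.append(("forcePIN", "passcode is not required"))
        if p.get("allowSimple", True):
            findings.append(("allowSimple", "simple passcodes are allowed"))
        if p.get("minLength", 0) < min_length:
            findings.append(("minLength", f"minimum length below {min_length}"))
        age = p.get("maxPINAgeInDays", 0)  # absent or 0: passcode never expires
        if age == 0 or age > max_age_days:
            findings.append(("maxPINAgeInDays",
                             f"no expiry, or expiry beyond {max_age_days} days"))
    return findings


if __name__ == "__main__":
    for key, message in audit_passcode_policy(SAMPLE_PROFILE):
        print(f"{key}: {message}")
```

A signed or encrypted profile is rejected by `load_profile` rather than guessed at, since its payloads are only readable after the CMS envelope has been verified or decrypted.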
We can determine which features are available on the device. Typically this involves network-enabled applications such as Safari, YouTube or the iTunes Store. Restrictions control the applications and application installation. Device restrictions let you configure the device to meet your requirements, as well as permit users to utilize the device in ways that are consistent with your business practices. Restrictions are enforced using a configuration profile, or they can be manually configured on each device.
Data protection is very important for any device. The iPhone protects the data saved on the device and the data transmitted over networks to other devices. iPhone 3GS offers hardware-based encryption, which uses AES 256-bit encoding to protect all data on the device. Encryption is always enabled and cannot be disabled by users. The iPhone supports remote wipe. If a device is lost or stolen, the administrator or device owner can issue a remote wipe command that removes all data and deactivates the device.
Secure Network Communication
The iPhone supports VPN through Cisco IPSec, L2TP, and PPTP. Support for these protocols ensures the highest level of IP-based encryption for transmission of sensitive information. The iPhone VPN offers proven methods of user authentication, including authentication via standard X.509 digital certificates. The iPhone also supports network proxy configuration and Wi-Fi. It supports SSL v3 as well as Transport Layer Security, and it uses SSL at the application level. It supports WPA2 Enterprise to provide authenticated access to your enterprise wireless network.
Installed applications are sandboxed and cannot access data stored by other applications. If an application needs to access data from another application, it can only do so using the APIs and services provided by iPhone OS. The iPhone provides a secure encrypted keychain for storing digital identities, user names, and passwords. Keychain data is partitioned so that credentials stored by third-party applications cannot be accessed by applications with a different identity.
4. Security features on the Mac OS X and iPhone operating systems
Security features help to protect the information on the Mac/iPhone from being accessed by others. We had to understand the main features of Mac OS X, and we searched iPhone documents to find the corresponding security features. This helps give the iPhone better security, especially when we deal with these devices or build applications for them.
We tried to identify the main features that affect security on Mac OS X, analyze them and compare them with iPhone OS X. The features are:
I. Mac OS X
Folder and file access control
Mac OS X has many features that provide good security. Mandatory access controls are one of them: they enable the implementation of strong parental controls and provide a sandboxing feature that restricts applications from accessing system resources. OS X can share files and folders with specific users through Access Control Lists (ACLs) and Portable Operating System Interface for UniX (POSIX) permissions. An ACL is a list of access control entries (ACEs). Each ACE specifies an access permission for a group or user. ACLs are compatible with Windows Server 2003, Windows Server 2008, Windows XP, and Windows Vista. POSIX permissions let you control access to files and folders with three permissions (read, write and execute) and three categories (Owner, Group and Everyone). After evaluating ACEs, Mac OS X evaluates the standard POSIX permissions defined for the file or folder. Then, based on the evaluation of the ACL and the standard POSIX permissions, Mac OS X determines what type of access a user has to a shared file or folder.
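The evaluation order described above (ACEs first, then POSIX permissions) can be made concrete with a small model. This is an added example, not Apple's implementation and not part of the original paper: it is a simplified model for a single requested permission in which the first matching ACE decides, and the names `ACE`, `FileMeta` and `check_access` are hypothetical.

```python
from dataclasses import dataclass

# Permission bits within one POSIX category (owner, group or everyone).
BIT = {"read": 4, "write": 2, "execute": 1}


@dataclass(frozen=True)
class ACE:
    principal: str        # user or group name the entry applies to
    allow: bool           # True = allow entry, False = deny entry
    perms: frozenset      # subset of {"read", "write", "execute"}


@dataclass(frozen=True)
class FileMeta:
    owner: str
    group: str
    mode: int             # POSIX mode bits, e.g. 0o640
    acl: tuple = ()       # ordered access control entries


def posix_allows(f: FileMeta, user: str, groups: set, perm: str) -> bool:
    """Pick exactly one category (Owner, Group, Everyone) and test its bit."""
    if user == f.owner:
        shift = 6
    elif f.group in groups:
        shift = 3
    else:
        shift = 0
    return bool((f.mode >> shift) & BIT[perm])


def check_access(f: FileMeta, user: str, groups: set, perm: str):
    """Return (granted, decided_by) for one requested permission.

    ACEs are walked in order; the first entry that names the user (or one of
    the user's groups) and covers the permission decides. Only when no ACE
    matches does the decision fall through to the POSIX mode bits.
    """
    for ace in f.acl:
        if (ace.principal == user or ace.principal in groups) and perm in ace.perms:
            return ace.allow, "acl"
    return posix_allows(f, user, groups, perm), "posix"


# Constructed sample: a shared report owned by alice, group staff, mode 640,
# with one allow entry for bob and one deny entry for the interns group.
REPORT = FileMeta(
    owner="alice", group="staff", mode=0o640,
    acl=(ACE("bob", True, frozenset({"write"})),
         ACE("interns", False, frozenset({"read"}))),
)

if __name__ == "__main__":
    cases = [("bob", {"staff"}, "write"), ("carol", {"staff", "interns"}, "read"),
             ("dave", {"staff"}, "read"), ("eve", {"guests"}, "read")]
    for user, groups, perm in cases:
        print(user, perm, check_access(REPORT, user, groups, perm))
```

The cases show why both layers must be reviewed together: bob gains write access that the 640 mode alone would not give a group member, and carol loses read access that the group bits would otherwise grant.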
Securing System Startup
OS X uses Extensible Firmware Interface (EFI) or Open Firmware. Single-user mode logs in the user as root. This is dangerous because root user access is the most powerful level of access, and actions performed as root are anonymous. An Open Firmware password provides some protection, but it can be reset if a user has physical access to the machine and changes the physical memory configuration of the machine. We can require a password to start single-user mode, which further secures the computer.
Secure user account
There are two types of account in OS X: nonadministrator and administrator. Nonadministrator and administrator accounts can be defined by specifying additional user privileges or restrictions. See the table below for the user accounts in OS X.
A user who logs in as an administrator is granted privileges and abilities that might not be needed. For example, you can modify system preferences without being required to authenticate. OS X supports mutual authentication with Active Directory servers. Kerberos is a ticket-based system that enables mutual authentication. The user enters the password into the system. This action decrypts a ticket from a server running as a Kerberos Key Distribution Center (KDC). The ticket holds a set of encrypted keys, which are used throughout the day to authenticate user access without exchanging sensitive password information. It expires after a given amount of time (typically one day), so even if a would-be intruder sniffs it out and decrypts the information, the user-access information remains safe in the long term.
Network Access Control (802.1x) and LDAP
802.1X is used to protect the network from unauthorized users that attempt to attack the wireless or wired LAN. 802.1X supports Login Window domains, User domains, and System domains; only one of these can be enabled and used. 802.1X separates connecting to an access point from gaining access to the network to which the access point is connected. Mac OS X can also use LDAP (Lightweight Directory Access Protocol) to store its user attributes. LDAP storage then makes it relatively easy to offer emulated PDC (Primary Domain Controller) services for a Windows network. This will allow Windows users to log into any machine in their network with the same username and password. With the inclusion of the popular open source LDAP server, OpenLDAP, in 10.2 server, more and more Mac OS X server admins are interested in accessing this function.
Securing Internet Communication with Host-Based Firewalls
The Firewall in Leopard is an Application Firewall. Mac OS X Leopard (version 10.5) is the sixth major release of Mac OS X, Apple's desktop and server operating system for Macintosh. This type of firewall allows you to control connections on a per-application basis, rather than a per-port basis. The firewall makes it easier for less experienced users to gain the benefits of firewall protection and helps prevent undesirable applications from taking control of network ports. The Firewall applies to the Internet protocols most commonly used by applications, TCP and UDP. It does not affect AppleTalk. The Firewall may be set to block incoming ICMP "pings" by enabling Stealth Mode in the advanced settings.
You can monitor activity involving your firewall by enabling firewall logging. Firewall logging creates a log file that tracks activity such as the sources and connection attempts blocked by the firewall. Some programs have access through the firewall although they don't appear in the list. These might include system applications, services, and processes. They can also include digitally signed programs that are opened by other programs. The Application Firewall in OS X lets you control connections on a per-application basis rather than a per-port basis.
Secure Shell SSH, Remote Apple Events (RAE), Remote Management (ARD) and Xgrid.
Remote Login allows users to connect to the OS X computer through secure shell (SSH). Enabling Remote Login activates more secure versions of commonly used insecure tools. We can securely configure Remote Login by restricting access to specific users: the default setting for Remote Login should be changed from "All users" to "Only these users". SSH supports the use of password, key, and Kerberos authentication. You can modify the SSH command so it only supports key-based authentication.
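One way to check a host against the two recommendations above (key-based authentication only, access limited to named users) is to audit the OpenSSH server configuration. This is an added example, not part of the original paper: the sample configuration is constructed, and treating `AllowUsers`/`AllowGroups` as the server-side counterpart of the "Only these users" setting is an assumption of this sketch.

```python
# Constructed sample sshd_config text (not taken from a real host).
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
"""


def parse_sshd_config(text: str) -> dict:
    """Return global sshd settings as {lowercased keyword: value}.

    sshd uses the first value it reads for a keyword, so later duplicates
    are ignored. Parsing stops at the first Match block because settings
    below it are conditional, not global.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)
    return settings


def audit_sshd_config(text: str) -> list:
    """Return the names of settings that weaken key-only, named-user login.

    Missing keywords are judged by the OpenSSH defaults: password and
    keyboard-interactive authentication are on, public-key authentication
    is on, and no user restriction is in place.
    """
    s = parse_sshd_config(text)
    findings = []
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication")
    # ChallengeResponseAuthentication is the older name of the same switch.
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication", "yes"))
    if kbd.lower() != "no":
        findings.append("KbdInteractiveAuthentication")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication")
    # Assumption: AllowUsers/AllowGroups stands in for "Only these users".
    if not s.get("allowusers") and not s.get("allowgroups"):
        findings.append("AllowUsers")
    return findings


if __name__ == "__main__":
    for name in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print("review:", name)
```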
If you enable Remote Apple Events (RAE), the RAE will allow the computer to respond to events sent by other computers on your network. These events include AppleScript programs.
You can use Apple Remote Desktop (ARD) to perform remote management tasks such as screen sharing. When sharing your screen you should provide access to specific users to prevent unauthorized access to your computer screen. By limiting the privileges that an ARD manager has, you can increase security. When setting privileges, disable or limit an administrator's access to an ARD client. 
IV. Xgrid sharing:
Computers on a network can use Xgrid to work together in a grid to process a job. Your computer can join the grid as an Xgrid client or as an Xgrid agent. A client submits jobs to the grid and an agent processes jobs received from an Xgrid controller. A controller is a server that receives jobs from clients and distributes jobs to agents. Xgrid Sharing is turned off by default and should remain off when it is not being used. This prevents unauthorized users from accessing your computer. 
iPhone OS X
Folder and file access control
The MAC and sandbox features are available in iPhone OS X. The iPhone operating system supports file and folder access management through Access Control Lists (ACLs) and Portable Operating System Interface for UniX (POSIX) permissions.
Securing System Startup
The iPhone follows a similar sequence of booting the kernel, userland, and Mac environment. The kernel article described how the iPhone loads OS X from a disk image into RAM, and how it loads its applications in a secured environment. 
Secure user account
There are no nonadministrator and administrator account types on the iPhone. Accounts are created depending on the application type; for example, there is one account for email. The iPhone requests access to Exchange ActiveSync services over port 443 (HTTPS). (This is the same port used for Outlook Web Access and other secure web services, so in many deployments this port is already open and configured to allow SSL-encrypted HTTPS traffic.) Exchange Server authenticates the incoming user via the Active Directory service and the certificate server (if using certificate-based authentication).
Network Access Control (802.1x) and LDAP
The existing 2G iPhones add the promised support for the 802.1X port-based authentication required in any company that's even remotely serious about its network security. Apple splits its 802.1X support into two pieces: basic support built into the iPhone 2.0 software, found in the Settings application's Wi-Fi section, and the other in WPA Enterprise and WPA2 Enterprise.
The LDAP server should now show up in the Contacts application on the iPhone. From the iPhone, we can search and use addresses directly, but we can't edit them or add them to the phone's address book. LDAP addresses are also integrated into the mail, phone, and SMS apps: just start typing a name and the iPhone will query LDAP as well as any local or synced contacts.
Securing Internet Communication with Host-Based Firewalls.
iPhone OS supports firewall applications, which can be obtained for free from the internet. With a firewall application, we can specify the inbound and outbound ports. The firewall is important on jailbroken devices.
Secure Shell SSH, Remote Apple Events (RAE), Remote Management (ARD) and Xgrid
Remote Login allows users to connect to the iPhone through secure shell (SSH) over Wi-Fi.
The iPhone operating system supports the Remote Apple Events service.
The iPhone does not support remote management.
The iPhone does not support this service. We can see this service on desktop and server computers.
5. OS X Privacy (Worms, Spyware, Viruses and Privacy).
Many people think that privacy and security are the same concept, but that is not true. To achieve privacy, you must implement security. In other words, privacy is the result of a successful security action. Privacy cannot be achieved without security.
I. Viruses and Worms
Viruses are malicious software transmitted between computers in several ways (CDs, flash memory, networks, the internet, etc.), and they multiply by depending on other files. Many types of virus activate at a specific time or date, or on a particular event. Some viruses consist of several parts, including parts whose attributes change periodically. Some are so complicated that even antivirus software cannot detect them. Viruses might disrupt computers completely. They might also remove system files, stop programs from working, or plant malicious programs that are considered spyware.
Worms are different from viruses. Worms are self-reliant and move faster than viruses. Also, worms do not harm computers directly (for example, worms do not delete files); however, the speed of their reproduction and retransmission affects the performance of the computer.
II. iPhone privacy
It is non-official firmware and insecure code which can be installed via SSHD (SSH), and it is used to unlock the iPhone in order to allow the user to install Apple's applications from Apple's store for free. However, using this tool will cause an iPhone to be infected by different types of worms.
Worms have started to attack the iPhone. We will concentrate on some kinds of worms that appeared early:
Ikee is the first known worm to have targeted the iPhone. The wallpaper of an infected iPhone is changed to an image of a singer. The worm also modifies the default password.
This worm is very harmful. It can spread at very high speed between hosts and causes the root password to be changed. Moreover, the worm exploits ING Direct bank's two-factor authentication by using SMS.
Dutch 5 € ransom
It was caused by a worm created by a Dutch hacker. "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now!"
How to break a "Passcode Lock" which was intended in part for law enforcement officers, but it can also teach thieves how to mine the data from iPhones they have stolen.
It is used by Apple's ImageIO framework. This exploit involves multiple buffer overflows, which may lead to an application crash or arbitrary code execution.
This exploit allows users who know about it to write code and send it to an iPhone user. That causes the phone to run software such as a sound recorder or GPS system.
iPhone spyware is basically a spy phone software application built specifically for the iPhone. An important point to highlight is that iPhone spy software MUST be installed directly onto the iPhone. There is absolutely no way to install iPhone spyware remotely, without physical access to the iPhone. Once installed, the iPhone spy phone software is completely undetectable. It immediately begins to record certain activity on the iPhone, and then secretly uploads all the data (text messages, call logs, GPS location, etc.) to an online web account provided by the iPhone spy software vendor. iPhone spyware can perform the following activities: live call interception, remote monitoring, GPS tracking, recovering and reading text messages, viewing emails and displaying log history.
With mobile phones functioning more like computers (accessible by hackers), it's no surprise that hackers and virus writers have the popular iPhone in their sights. We know these are simple steps to fight simple iPhone viruses. To protect iPhone devices, we should be concerned about security: turn off unwanted services, install antivirus applications and keep them updated at all times. Hackers are now working on smarter viruses and trojans that can execute themselves without user intervention.
III. Mac OS X Privacy
On the Mac, we will mention the following types of worms:
Dubbed OSX/Inqtana.A, this is a proof-of-concept worm for Mac OS X 10.4 (Tiger) that tries to spread from one infected system to others by using a Bluetooth OBEX Push vulnerability.
SH/Renepo-A or MacOS.Renepo.B: It arrives in the form of a Bash shell script and replicates itself over local networks. However, its ability to spread is limited, as it does not use email or file-sharing programs to distribute copies of itself, researchers said. The worm also requires a high level of access to infect a PC.
The Leap-A worm, which spreads through the instant messaging program iChat, is thought to be the first virus for the Apple platform.
The Mac computer can be attacked by:
ARDAgent (Apple Remote Desktop) has a vulnerability that affects Mac OS X versions 10.4 and 10.5. It is an easy method for attackers to gain root rights on any Mac system.
ImageIO TIFF memory corruption: ImageIO is a component that allows various applications to read and write image formats. This vulnerability exists in Mac OS X and may result in the execution of arbitrary code or a denial-of-service attack. An attacker can use a maliciously crafted TIFF file to cause termination of the viewing application (DoS) or to execute arbitrary code.
Spyware can attack the Mac. We will mention some types of this spyware:
The PokerStealer Trojan horse contains a script buried inside a program that runs on Mac OS X and pretends to be a poker game. When the program or game is launched, the script prompts the user for his/her password.
THT Trojan Horse runs hidden on a system and allows a malicious user to remotely access the computer, transmit user passwords, and weaken the firewall to allow undetected access. Additionally, the AppleScript.
Viruses take up the biggest part of computer security. We will mention some types of these viruses:
OSX/Leap is the first virus to attack Mac OS X. Mac OS X versions 10.4 to 10.4.4 are affected by this virus. The virus will execute the applications that it finds, so it changes the launch processes for those applications. Apple announced that this is not an actual virus, but it is malicious software.
OSX/Inqtana installs itself in a normally prohibited area by exploiting the Bluetooth directory and file exchange services. On the next reboot, the virus looks for Bluetooth devices that accept files.