Leopard is now certified Unix, but is it safe?

Some users will still be uncertain, says Tom Yager

I learned recently that OS X Leopard has passed the Open Group’s certification suite for Unix 03, qualifying it to use the Unix trademark. This certification, along with substantial advances in its administrative interface, puts OS X in league with the three big iron Unixes, namely, AIX, Solaris, and HP-UX.

The Open Group has issued Apple a lovely certificate of compliance. I suggest that all Leopard users frame it and hang it in their server rooms and Mac-blessed cubicles as a reminder to Linux weenies that there are pretenders, and then there is the real thing.

And guess what? I am genuinely unconcerned about those who see such statements as blasphemous or as baiting the Linux community. Those who read my columns know that I’m a certified Unix snob, a Mac client and server user, and proud to be both.

“Wait a minute,” I hear some of you saying, “aren’t those three certified commercial Unixes proprietary? Why would anybody want OS X to fly that flag?” Well, don’t forget that Solaris is legitimately open source, and it runs on hardware (including Macs under hardware-accelerated virtualisation) that doesn’t bear Sun’s badge, so there is a precedent for open, non-proprietary, genuine Unix.

From my perspective, the primary value of Leopard’s Unix certification is that it gives commercial server ISVs confidence that their native code will port easily to OS X on Mac. Satisfying Unix 03 requirements indicates that “recompile and run” is now a reality, not only for Leopard Server but for Leopard client as well, given that both are based on exactly the same kernel, development tools, libraries, commands and utilities, most of which Apple laudably publishes as open source.

Open source has not been very good to Apple of late. Open system software is the best way to future-proof commercial computers for customers, but Apple’s open sourcing of its true Unix imposes potential drag on OS X’s credibility in organisations that equate the Unix trademark with secure systems.

The informed know that OS X is no more vulnerable to black hat exploits than other OSes, closed and open alike.

Yet parties from IBM to Windows and Linux antivirus vendor Panda Security, along with some Linux users, routinely foster negative public opinion about OS X.

I say: Vendors, if you slam OS X security, put your money where your mouth is by refusing business from accounts that have deployed Macs. After all, an enterprise is only as secure as the least secure system on the network.

You wouldn’t want to open your servers to exploits by helping prospective customers integrate your equipment with Macs. Just walk away from the table and leave the money to vendors such as Sun, which doesn’t bad-mouth OS X.

Apart from public perception, there is a contingent at Apple that is mightily honked that Darwin renders OS X ultimately crackable, leading to successful independent efforts to open Apple’s locked-down platforms — Mac, Xserve, Apple TV, and iPhone — to third-party software. OS X has been cracked to run on non-Apple PCs, albeit with gaps in functionality related to video and wi-fi. Apple TV is fully cracked, resulting in the ability to replace the device’s cut-down edition of OS X with the full OS distributed with Mac systems and sold as a shrink-wrapped upgrade.

The iPhone effort is far from complete, but like OS X and Apple TV, iPhone cracks rely on Darwin’s open sources and binary compatibility with OS X. Apple could easily close that gap by ditching the Darwin project or tweaking it to make it binary-incompatible with Leopard. HP-UX and AIX are closed source, and that hasn’t hurt IBM’s or HP’s sales.

For customers, platform selection is a matter of trust. If Apple were to close OS X by withdrawing or limiting Darwin, would that bolster customers’ faith in Leopard’s security and scalability? Much as I’d hate to see OS X closed, I have to admit that closing OS X’s source code, combined with Apple’s Unix certification, might help push OS X into organisations that associate Unix with stability and scalability.

However, requiring digital signatures on privileged executables would afford OS X adequate protection while allowing it to remain an open OS. Such signatures can be cracked, but Apple can play dodgeball with crackers by building new keys into firmware updates.

I know that I’ve been all over the place in my treatment of this subject, but I’ll circle back around to my main point: Apple deserves to benefit from Unix’s image as a stable and secure platform. OS X is mature, open, beautifully and thoroughly documented, and uniquely delivered to customers in a turnkey, deployable state. Real Unix never looked so good or delivered such a smooth ride.

Join the newsletter!

Error: Please check your email address.

Tags technology

Show Comments
[]