Get news 
- May 24, 2012 08:00 AM Die meisten Unternehmen haben bereits die Virtualisierungsgewässer mit Serverkonsolidierungen und a ...
- May 24, 2012 13:00 PM Tips for shortening the planning and deployment process Common implementation pitfalls to avoid What ...
- May 24, 2012 14:00 PM Learn how solutions from IBM can help you bring software to market faster, improve cross-team effici ...
Loading Carousel Data, Please wait ..
BYTE Technologists
BYTE Categories
BYTE Newsletter
Keep up with all the BYTE News and Reviews
Apple Gatekeeper Moves Mac Into iOS's Walled Garden
Category: Smartphones, Operating systems, Freeware, Desktop PCs, Notebooks
It's been obvious for some time that the future for desktop security will include whitelisting of applications, meaning that you will be able to install only those from a pre-cleared list. The next version of OS X, a.k.a. Mountain Lion, will take Mac users there.
More Insights
Webcasts
- Thriving in a Multi-Platform World: Integrating Mobile Device Management into Your Overall Security Strategy
- CTO to CTO: Scott Davies, VMware, and Jim Davies, Mitel, Give Voice to the Virtual Desktop
White Papers
- Forrester Research study How Blade Servers Impact Datacenter Management and Agility
- ComputerWorld Tech Dossier HP ProLiant Gen8 Servers: Intelligent Mgmt and Greater Efficiency Throughout the LifeCycle
Reports
More >>
It all started with mobile phones: ever since phones could run even the most trivial apps, carriers controlled which apps users could access. Independent software vendors had to submit these apps through contract test labs and pay a decent chunk of change for even the privilege of submitting programs for sale through the carrier.
The iPhone, with its App Store, brought this to the big time. You can only install the apps that Apple will allow you to have. By sheer coincidence, Apple takes a substantial commission on these sales. Of course, when I say you can only install those apps, I mean unless you want to install others. You do this by jailbreaking the phone. Jailbreaking takes you out of Apple's "walled garden" where you are safe, at least as a practical matter, from malicious software.
The walled garden on Mountain Lion is called Gatekeeper. Below are the config settings.
A little background about whitelisting. Current systems work in one of two ways: Through sophisticated hashes of known-good executable files, or through digital signatures. Signatures are a better way. Hashes are used by many whitelisting systems, like those from Lumension, in order to whitelist programs that aren't necessarily signed.
All iOS apps are signed using keys issued through Apple's iOS Developer Program. iOS won't run unsigned apps and a developer's keys can be revoked for violating license terms. Google has a similar program with the Android Marketplace, but it doesn't vet the apps in it to the degree that Apple does.
Apple has a Mac Developer Program, too, and a Mac App Store (see below).
Until now, the Apple Developer Program signature on Mac apps hasn't meant much. In Mountain Lion, the default will be to allow you to run programs from the Mac App Store or other programs with an Apple Developer Program signature, but not other apps, even those with other digital signatures. You can make Gatekeeper more restrictive by only allowing programs from the App Store, or you can disable it and allow all programs. If you only permit programs from the Store you lose access to significant software (Adobe PhotoShop, Microsoft Office, etc.) that is not in the Store and won't be because those companies are not about to give Apple a 30% cut.
It would have been nice for Apple to allow developers to specify other valid signers. But they don't, so in order to reach Apple users in the future developers will, as a practical matter, have to use the Apple Developer Program ($99/year).
Similar things are on the way for Windows 8. For the new Metro-style apps, you will have to go to the Microsoft Store. But Microsoft takes a different approach for conventional apps. Windows 8 will have more powerful versions of Windows Defender and SmartScreen which will block programs and Internet sites with bad reputations. It will also use a file system filter driver to do the same with program files, warning you of known bad ones and those with no reputation at all. See the video below:
Because we're talking about a world-wide Microsoft reputation service, a file with no reputation at all is an inherently suspicious thing. Thus, with the Windows approach, you have the opportunity to download malicious programs, but it's highly likely that Windows will warn you that the file is either known to be malicious or at least suspicious.
The Microsoft approach is less restrictive and controlling of users and developers and doesn't require developers to pay Microsoft a recurring fee in order to gain access to users. But it is a more complicated approach for the user. Some might be happy to put themselves under Apple's control. After all these years it's clear that the supply of users willing to take whatever Apple gives them is a large and profitable one.
I'm a big believer in whitelisting. It's not perfect--nothing really is--but it can provide a very high degree of assurance that users will not see malicious programs. Malware on iOS is theoretically possible; maybe it even exists and we just haven't found it. But as a real-world matter, it's a non-problem. The overwhelmingly dominant risk factor for PC infection is the user clicking on or running something malicious. If users don't have the opportunity to do so anymore, we'll all be better off.
Larry Seltzer is the Editorial Director of Byte.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
COMMENTS
Tune In to BYTE
Related Webcasts
- Thriving in a Multi-Platform World: Integrating Mobile Device Management into Your Overall Security Strategy
- CTO to CTO: Scott Davies, VMware, and Jim Davies, Mitel, Give Voice to the Virtual Desktop
- What Impact Will Windows 8 Have on the Tablet Market?
- Unlock the Value of Your Business Data: IBM's Integration Solution for .NET Environments
- Cloud or Premise Based Contact Center – Which is Right [for YOU]?
Whitepapers
In this paper you will learn the five trends shaping
the future of enterprise mobility. Learn how the rise of social media as
a business application, the lurring between work and home, the emergence
of new mobile devices, the demand for tech savvy employees and changing
expectations of corporate IT will fundamentally change the workplace.
In a survey of more than 1,700 information workers
(iWorkers) in North America, notebooks, desktops, and smartphones were
found to be “must-have” devices, while tablets, slates, and netbooks
were relegated to “nice-to-have” status, according to a commissioned
study conducted by Forrester Consulting on behalf of Dell and Intel.
Upcoming Events
Oct 20: Becoming a Security Detective - Gathering and Analyzing Security Intelligence in the Enterprise
In this all-day virtual event, experts will offer detailed insight in how to collect security intelligence in the enterprise, and how to analyze and study it in order to efficiently identify new threats as well as low-and-slow attacks such as advanced persistent threats. Register today!
Platinum Sponsors: ArcSight, NetIQ, Proofpoint, Thawte
Gold Sponsor: Q1 Labs
October 6: InformationWeek 500 Virtual Event: The Need for Speed
At the 2011 InformationWeek 500 Virtual Conference, C-level executives from leading global companies will gather to discuss how their organizations are turbo-charging business execution and growth.
Platinum Sponsor: ArcSight, Workday
Gold Sponsor: IBM
Aug 25: InformationWeek & Dark Reading present: How Security Breaches Happen and What Your Organization Can Do About Them
Attendees will get insights on how to prevent breaches from happening, how to research and identify the source of a breach, and how to remediate a compromise as quickly and efficiently as possible.
Platinum Sponsor: ArcSight, NetIQ, Thawte
Gold Sponsors: Lumension, NetGear, GFI
Silver Sponsor: Motorola
July 28: InformationWeek & Symantec present: Infrastructure at Risk -- Taking Decisive Action to Secure Your Critical Data Assets
Join the editors of InformationWeek and leading security experts from Symantec for an in-depth look at the current threats faced by large and small organizations, and the implications for your business, your customers, and even your country. You'll hear how today's threat landscape is changing drastically, and learn the latest countermeasures and best practices to keep your company's precious data assets out of the hands of determined cybercriminals.
July 27: Electronic Health Records -- Moving from Concept to Reality
At this InformationWeek Healthcare Virtual Event, we will talk with healthcare practitioners, IT professionals and other industry experts about issues surrounding EHR selection, deployment and use.
Platinum Sponsor: HP, Intel, GBS, Geotrust, NextGen
Silver Sponsor: Proofpoint
On-Demand: InformationWeek & Interop present: Business Mobility Unleashed
In this virtual event, the leaders behind InformationWeek Business Technology Network and Interop zero in on the top mobile technologies and techniques you'll need to understand and master to ensure your organization thrives in the wireless world.
Platinum Sponsors: Alcatel-Lucent, APC
Gold Sponsor: HP
Silver Sponsor: Emerson Network Power
Bronze Sponsor: Skybot
On-Demand: Cybersecurity Best Practices
In this half-day virtual event, experts assess the state of cybersecurity in government and present the latest strategies for creating a more secure, attack-proof IT infrastructure. This event will help CISOs and other information assurance professionals in federal, state, and local government stay on top of the latest developments in the field.
Platinum Sponsor: GeoTrust
Gold Sponsor: Bit9
On-Demand: Data Center Transformation
Data centers are undergoing incredible transformations that create
both opportunities and challenges for IT professionals. Server virtualization enables rapid provisioning,
more efficient use of resources, and improved disaster recovery. That trend will continue with storage and network virtualization,
allowing IT pros to further abstract -- and optimize -- data center resources.In this virtual event, you will learn how prepare your organization for a data center transformation.
Platinum Sponsors: AMD, APC, Cisco, Eaton, SunGard
Gold Sponsor: Emerson Network Power
On-Demand: Cloud Computing Roadmap: Controlling the Cloud - Managing, Optimizing and Integrating Cloud Services with Your Existing IT Infrastructure
In this virtual event, you'll learn how to craft your own strategy for successfully embracing and integrating new cloud computing capabilities without derailing or destroying your current IT roadmap.
Platinum Sponsors: ArcSight, GoToAssist, SunGard, thawte
Gold Sponsor: Symform
Silver Sponsor: Skybot
On-Demand: Plugging the Leaks -- Finding and Fixing the IT Security Holes in your Enterprise
In this virtual event presented by Dark Reading and InformationWeek, you'll find out how criminals target the flaws in your IT environment, and you'll get some insight on the best methods for finding and fixing your vulnerabilities -- before you're hit by malware or unauthorized access.
Platinum Sponsors: NetIQ, Novell, thawte, Webroot
Gold Sponsors: ArcSight, Bit9, OpenText
Silver Sponsor: Application Security, Core Security, Lumension
The 2011 Informationweek 500 Conference will be held at the beautiful St. Regis Monarch Beach Resort, Dana Point, CA. Mark your calendars for September 11-13, 2011.
InformationWeek Healthcare IT Leadership Forum
Related Reports
Related Whitepapers
