Apple Gatekeeper Moves Mac Into iOS's Walled Garden
Whitelisting is the future of desktop application security, and Apple is taking a particularly controlling approach to it in Mountain Lion.
It's been obvious for some time that the future for desktop security will include whitelisting of applications, meaning that you will be able to install only those from a pre-cleared list. The next version of OS X, a.k.a. Mountain Lion, will take Mac users there.
It all started with mobile phones: ever since phones could run even the most trivial apps, carriers controlled which apps users could access. Independent software vendors had to submit these apps through contract test labs and pay a decent chunk of change for even the privilege of submitting programs for sale through the carrier.
The iPhone, with its App Store, brought this to the big time. You can only install the apps that Apple will allow you to have. By sheer coincidence, Apple takes a substantial commission on these sales. Of course, when I say you can only install those apps, I mean unless you want to install others. You do this by jailbreaking the phone. Jailbreaking takes you out of Apple's "walled garden" where you are safe, at least as a practical matter, from malicious software.
A little background about whitelisting. Current systems work in one of two ways: Through sophisticated hashes of known-good executable files, or through digital signatures. Signatures are a better way. Hashes are used by many whitelisting systems, like those from Lumension, in order to whitelist programs that aren't necessarily signed.
All iOS apps are signed using keys issued through Apple's iOS Developer Program. iOS won't run unsigned apps and a developer's keys can be revoked for violating license terms. Google has a similar program with the Android Marketplace, but it doesn't vet the apps in it to the degree that Apple does.
Until now, the Apple Developer Program signature on Mac apps hasn't meant much. In Mountain Lion, the default will be to allow you to run programs from the Mac App Store or other programs with an Apple Developer Program signature, but not other apps, even those with other digital signatures. You can make Gatekeeper more restrictive by only allowing programs from the App Store, or you can disable it and allow all programs. If you only permit programs from the Store you lose access to significant software (Adobe PhotoShop, Microsoft Office, etc.) that is not in the Store and won't be because those companies are not about to give Apple a 30% cut.
It would have been nice for Apple to allow developers to specify other valid signers. But they don't, so in order to reach Apple users in the future developers will, as a practical matter, have to use the Apple Developer Program ($99/year).
Similar things are on the way for Windows 8. For the new Metro-style apps, you will have to go to the Microsoft Store. But Microsoft takes a different approach for conventional apps. Windows 8 will have more powerful versions of Windows Defender and SmartScreen which will block programs and Internet sites with bad reputations. It will also use a file system filter driver to do the same with program files, warning you of known bad ones and those with no reputation at all. See the video below:
Because we're talking about a world-wide Microsoft reputation service, a file with no reputation at all is an inherently suspicious thing. Thus, with the Windows approach, you have the opportunity to download malicious programs, but it's highly likely that Windows will warn you that the file is either known to be malicious or at least suspicious.
The Microsoft approach is less restrictive and controlling of users and developers and doesn't require developers to pay Microsoft a recurring fee in order to gain access to users. But it is a more complicated approach for the user. Some might be happy to put themselves under Apple's control. After all these years it's clear that the supply of users willing to take whatever Apple gives them is a large and profitable one.
I'm a big believer in whitelisting. It's not perfect--nothing really is--but it can provide a very high degree of assurance that users will not see malicious programs. Malware on iOS is theoretically possible; maybe it even exists and we just haven't found it. But as a real-world matter, it's a non-problem. The overwhelmingly dominant risk factor for PC infection is the user clicking on or running something malicious. If users don't have the opportunity to do so anymore, we'll all be better off.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.