Feeds

Security biz scoffs at Apple's anti-Trojan Gatekeeper

Apple dev ghetto fears - plus it only probes executables

The essential guide to IT transformation

Security watchers are expressing reservations about whitelisting security that Apple plans to integrate with OS X Mountain Lion this summer.

The security feature, dubbed Gatekeeper, restricts the installation of downloaded applications based on their source. Users can choose to accept apps from anywhere (as now) but by default Gatekeeper only lets users install programs downloaded from the Mac App Store or those digitally signed by a registered developer. More cautious users can decide to accept only applications downloaded from the Mac App Store.

The technology is designed to make it harder to trick Mac fans into installing Trojans. Apple is essentially acting to nip the problem of scareware scams and the like on Macs in the bud, before Apple-targeting malware gets out of control.

From a system security perspective that's a laudable aim but there may be less palatable consequences.

The move could be a step along the road to making OS X as closed to unapproved developers as iOS.

"Gatekeeper also begins to solidify Mac's walled garden," Sean Sullivan, a security advisor at F-Secure notes. "In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn't really very difficult to imagine it revoking third-party peripheral drivers in order to 'secure' that experience."

Gatekeeper is billed as offering: "More control for you" – "I keep reading it as: more control – over – you," Sullivan observes wryly. "By 2014, I expect somebody out there will be jailbreaking their Mac…"

Aside from these political issues, other security watchers warn that Apple's implementation of whitelisting technology may be flawed.

Chester Wisniewski of Sophos notes that the technology only looks at executable files downloaded via the internet. That means files from USB drives, CD/DVD/BR or even network shares "will all install and run without being screened". In addition, other potentially malicious files might be missed, he says.

"Gatekeeper code signing only applies to executable files, meaning anything that is not itself a Trojan – like malicious PDFs, Flash, shell scripts and Java – will still be able to be exploited without triggering a prompt," Wisniewski warns.

Gatekeeper is based on the same LSQuarantine technology previously used by Apple in XProtect, a basic anti-malware system built into recent releases of Mac OS X since August 2009.

Wisniewski is supportive of Apple's objectives in developing Gatekeeper but dismissive of its initial efforts, which he categorises as a failure. "I think Apple is really on to something here if they implemented this feature in a more comprehensive manner," Wisniewski concludes. "I give them an A for what they want to accomplish, but sadly only a D- on implementation." ®

Bootnote

Computer security historians would be interested to note that 20 years ago there was an anti-virus program for Mac, also called Gatekeeper. The software, developed by independent programmer Chris Johnson, was shelved many years ago.

Next gen security for virtualised datacentres

More from The Register

next story
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.