Feeds

Security biz scoffs at Apple's anti-Trojan Gatekeeper

Apple dev ghetto fears - plus it only probes executables

Protecting against web application threats using SSL

Security watchers are expressing reservations about whitelisting security that Apple plans to integrate with OS X Mountain Lion this summer.

The security feature, dubbed Gatekeeper, restricts the installation of downloaded applications based on their source. Users can choose to accept apps from anywhere (as now) but by default Gatekeeper only lets users install programs downloaded from the Mac App Store or those digitally signed by a registered developer. More cautious users can decide to accept only applications downloaded from the Mac App Store.

The technology is designed to make it harder to trick Mac fans into installing Trojans. Apple is essentially acting to nip the problem of scareware scams and the like on Macs in the bud, before Apple-targeting malware gets out of control.

From a system security perspective that's a laudable aim but there may be less palatable consequences.

The move could be a step along the road to making OS X as closed to unapproved developers as iOS.

"Gatekeeper also begins to solidify Mac's walled garden," Sean Sullivan, a security advisor at F-Secure notes. "In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn't really very difficult to imagine it revoking third-party peripheral drivers in order to 'secure' that experience."

Gatekeeper is billed as offering: "More control for you" – "I keep reading it as: more control – over – you," Sullivan observes wryly. "By 2014, I expect somebody out there will be jailbreaking their Mac…"

Aside from these political issues, other security watchers warn that Apple's implementation of whitelisting technology may be flawed.

Chester Wisniewski of Sophos notes that the technology only looks at executable files downloaded via the internet. That means files from USB drives, CD/DVD/BR or even network shares "will all install and run without being screened". In addition, other potentially malicious files might be missed, he says.

"Gatekeeper code signing only applies to executable files, meaning anything that is not itself a Trojan – like malicious PDFs, Flash, shell scripts and Java – will still be able to be exploited without triggering a prompt," Wisniewski warns.

Gatekeeper is based on the same LSQuarantine technology previously used by Apple in XProtect, a basic anti-malware system built into recent releases of Mac OS X since August 2009.

Wisniewski is supportive of Apple's objectives in developing Gatekeeper but dismissive of its initial efforts, which he categorises as a failure. "I think Apple is really on to something here if they implemented this feature in a more comprehensive manner," Wisniewski concludes. "I give them an A for what they want to accomplish, but sadly only a D- on implementation." ®

Bootnote

Computer security historians would be interested to note that 20 years ago there was an anti-virus program for Mac, also called Gatekeeper. The software, developed by independent programmer Chris Johnson, was shelved many years ago.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.