Feeds

Security biz scoffs at Apple's anti-Trojan Gatekeeper

Apple dev ghetto fears - plus it only probes executables

High performance access to file storage

Security watchers are expressing reservations about whitelisting security that Apple plans to integrate with OS X Mountain Lion this summer.

The security feature, dubbed Gatekeeper, restricts the installation of downloaded applications based on their source. Users can choose to accept apps from anywhere (as now) but by default Gatekeeper only lets users install programs downloaded from the Mac App Store or those digitally signed by a registered developer. More cautious users can decide to accept only applications downloaded from the Mac App Store.

The technology is designed to make it harder to trick Mac fans into installing Trojans. Apple is essentially acting to nip the problem of scareware scams and the like on Macs in the bud, before Apple-targeting malware gets out of control.

From a system security perspective that's a laudable aim but there may be less palatable consequences.

The move could be a step along the road to making OS X as closed to unapproved developers as iOS.

"Gatekeeper also begins to solidify Mac's walled garden," Sean Sullivan, a security advisor at F-Secure notes. "In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn't really very difficult to imagine it revoking third-party peripheral drivers in order to 'secure' that experience."

Gatekeeper is billed as offering: "More control for you" – "I keep reading it as: more control – over – you," Sullivan observes wryly. "By 2014, I expect somebody out there will be jailbreaking their Mac…"

Aside from these political issues, other security watchers warn that Apple's implementation of whitelisting technology may be flawed.

Chester Wisniewski of Sophos notes that the technology only looks at executable files downloaded via the internet. That means files from USB drives, CD/DVD/BR or even network shares "will all install and run without being screened". In addition, other potentially malicious files might be missed, he says.

"Gatekeeper code signing only applies to executable files, meaning anything that is not itself a Trojan – like malicious PDFs, Flash, shell scripts and Java – will still be able to be exploited without triggering a prompt," Wisniewski warns.

Gatekeeper is based on the same LSQuarantine technology previously used by Apple in XProtect, a basic anti-malware system built into recent releases of Mac OS X since August 2009.

Wisniewski is supportive of Apple's objectives in developing Gatekeeper but dismissive of its initial efforts, which he categorises as a failure. "I think Apple is really on to something here if they implemented this feature in a more comprehensive manner," Wisniewski concludes. "I give them an A for what they want to accomplish, but sadly only a D- on implementation." ®

Bootnote

Computer security historians would be interested to note that 20 years ago there was an anti-virus program for Mac, also called Gatekeeper. The software, developed by independent programmer Chris Johnson, was shelved many years ago.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.