Security firms intrigued by Apple's Gatekeeper

Apple is gearing up to make its latest OS, Mountain Lion, available for download via the Mac App Store. Apple's anti-Trojan program in the new OS, Gatekeeper, is of interest to security firms, particularly for the way it might hinder developers. According to security firm F-Secure, Gatekeeper protects your Apple computer from malware by prohibiting the download of any program that does not come from the Mac App Store or from identified developers. This means that a developer who wants to get a program on to your Apple computer, however genuine their intentions, will have to sign up as an Apple identified developer and cough up $99 (approx Rs.4,859) per year. Users can opt to download applications from "anywhere", but Gatekeeper will still issue a warning before you download the application.


Intrigued with how the Mountain Lion keeps out Trojans

F-Secure is of the opinion that this is a pretty effective way of protecting your Apple computer from malware, but says that Gatekeeper will also "solidify Mac's walled garden". They say, "In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn't really very difficult to imagine it revoking third-party peripheral drivers in order to 'secure' that experience." They don't see it as a way for Apple to give the user more control; they see it as a way for Apple to have more control over the user. They also see users jailbreaking their Macs by 2014.


Meanwhile, security firm Sophos points out Gatekeeper's flaws. They say that because Gatekeeper is built on the LSQuarantine technology that Apple used in its antivirus, XProtect, the system essentially consists of whitelisting technology built upon blacklisting technology. As a result, Gatekeeper only works on files downloaded off the Internet and will not be able to screen Trojans coming in from USB drives, DVDs and network shares. Furthermore, it will not flag files downloaded by programs like BitTorrent. Sophos says that Gatekeeper only catches executable files, which means malicious PDFs, Flash, shell scripts and Java can still be used to deliver malware. They further add that files are checked only when they are first executed, "so if a rogue developer distributes a malicious app, Apple will need to revoke that certificate *before* the victim executes the download."


Sophos also says that human nature will get in the way of Gatekeeper being effective. They say that if a user is prevented from downloading a photo editing application, the user will override the block, thinking Apple wants them to download its own, more expensive photo editing application instead.

Published Date: Feb 21, 2012 12:58 pm | Updated Date: Feb 21, 2012 12:58 pm