Mountain Lion: Apple's 'Gatekeeper' to Mac malware
Apple finally admits (although in a roundabout way) that malware exists for Mac. "While malware is one of the biggest security challenges on personal computers, it’s hardly an issue on a Mac", Apple says on a page describing Gatekeeper. "Apple is working hard to see that it won’t be".
Give the Cupertino, Calif.-based company some credit for coming clean. Even with such a milestone admission that should generate some plaudits from some Apple critics, the solution is not going to be popular among those who hate the walled garden approach.
It's fairly simple: each Apple developer will now receive a digital signature to "sign" apps, which in turn will allow Mac OS to determine if an app comes from a trusted developer.
New options within the Security & Privacy section of the System Preferences tab allows for tight control of where apps can be installed from. The user can choose to only allow apps from the Mac App Store, from the Mac App Store and "identified developers", or everywhere.
Mountain Lion will only allow users to install apps from the Mac App Store by default. With the new digital signature requirement in place, which seems an extension of the sandboxing requirement announced last year, this is the most secure option. But why is Apple taking such a step to lock down Macs?
With a digital signature embedded into every app, Apple now has full control over whether or not an app can run on its platform. Take for example: A Trojan is discovered in an app that was formerly deemed "safe". With a click of a button, this app is now unusable on the majority of Macs which owners probably never bothered to change the default setting.
This method is sure to invite criticism, but is indicative of a larger move in the industry towards curation. Microsoft is doing something similar for Windows 8 on ARM. Users will not be able to run any apps on the platform unless they are delivered through Microsoft's official channels.
Like I said last week, it's harder to argue against a controlled environment when it comes to security. We techier types need to accept the cold fact that a significant portion of computer users are pretty careless when it comes to protecting ourselves. Curation is a necessary step to prevent larger security problems.
NSS Labs chief research officer Bob Walden makes this point in a post on curated app stores from last year. "From the point of view of the user - particularly the non-computer savvy user -- all of this just works. Couple of clicks to search for your app. One click to purchase, download and install. And, most important of all, Trojan-free once it arrives", Walden argues in the post.
"Curated app stores are essential to the well-being of the ecosystem", he concludes. Is he right? From the looks of the moves of the industry over the past several months, it appears the gatekeepers agree, no matter what power users may think.