Apple’s OS X Tightens Security

Wednesday, February 22, 2012 @ 03:02 PM gHale

In an effort to push its security to new levels, Apple will introduce a new Mac security model with OS X Mountain Lion this summer. By default it will let users install only programs downloaded from the Mac App Store or those digitally signed by a registered developer.

Gatekeeper — Apple’s name for the model and technology — will block the installation of the most common kind of Mac malware: Trojan horses executed by users duped into downloading and installing fake software.

Last year, campaigns of “scareware,” programs that posed as antivirus software but actually infected systems with attack code, made headlines. Apple responded to the scareware threat by repeatedly updating a rudimentary blocking list that debuted two years earlier.

Mountain Lion, which Apple said Thursday will ship late this summer, uses a new mechanism to bar malicious applications from most Macs.

By default, only software downloaded from the Mac App Store or signed with certificates Apple provides free of charge to registered developers can be installed on Mountain Lion.

Because each digital certificate links to an individual developer or company, Apple will know who was responsible for, say, sneaking a malicious app past users, and will be able to revoke the certificate and ban the developer from its program.

Apple will not review these digitally signed third-party programs, but Gatekeeper lets the company retaliate against malicious application makers and, by revoking certificates, gives it a way to block new installs and stifle a malware campaign in its early stages.

Mountain Lion’s Security & Privacy preferences screen also has options for tightening or loosening Gatekeeper’s vigilance. If the user selects “Mac App Store,” only software downloaded from Apple’s mart can be installed; choosing “Anywhere” lets the user install programs obtained from anywhere. The latter is the wide-open model that Macs — and Windows PCs — have used.

At its default setting, Gatekeeper, which has roots in moves Apple has been making with OS X for several years, is a set-and-forget “whitelist,” or list of approved programs. “It’s like a giant whitelist button,” said Andrew Storms, director of security operations at nCircle Security, of Gatekeeper.
