Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Apple’s Gatekeeper Security Function Still Open for Debate

Apple has included a new – and admittedly interesting – security function in the upcoming version of Mac OS Mountain Lion (OS X 10.8). Called Gatekeeper, the function will restrict the installation of downloaded applications based on their source. Think of it as a step-up on Microsoft’s Authenticode. Yet, is it more control for the user, or more control over the user? Also, will it really prevent malicious applications from being installed?

Apple has included a new – and admittedly interesting – security function in the upcoming version of Mac OS Mountain Lion (OS X 10.8). Called Gatekeeper, the function will restrict the installation of downloaded applications based on their source. Think of it as a step-up on Microsoft’s Authenticode. Yet, is it more control for the user, or more control over the user? Also, will it really prevent malicious applications from being installed?

Gatekeeper WhitelistingApple’s Gatekeeper comes with three settings. Users can opt to allow applications to be installed if they are taken from the Mac App Store, the Mac App Store and Identified Developers, or anywhere on the Web. Identified Developers need to pay Apple an annual fee of $99 USD, which most developers willingly pay to keep on Apple’s good side and promote their services. That’s not the issue however, according to Sean Sullivan over at F-Secure.

“In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn’t really very difficult to imagine it revoking third-party peripheral drivers in order to “secure” that experience… By 2014, I expect somebody out there will be jailbreaking their Mac…,” he wrote.

Moreover, Sophos’ Chester Wisniewski adds, Apple’s idea is sound, but the implementation is flawed.

“Gatekeeper is essentially a whitelisting technology bolted onto the blacklisting technology it introduced two versions ago. While this will clearly reduce the risk for users who primarily download all of their programs through popular browsers or the App Store, it only addresses the Trojan problem that has been the primary vehicle for delivering malware to OS X,” he said.

Mac OS GatekeeperIt’s what Gatekeeper misses that counts, Wisniewski notes. For example, files from USB devices, CD ROMs, or network shares will be ignored by Gatekeeper, opening up a wider attack surface. In addition, applications downloaded from BitTorrent might be ignored by Gatekeeper as well.

“This one time check, combined with the limitations of what files are scanned from which sources significantly weakens the usefulness of Gatekeeper. The second problem is a common one to all platforms, people. If a user wishes to install something and is blocked from doing so, they more often then not will override the block. It’s human nature,” he adds.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.