Apple has included a new – and admittedly interesting – security function in the upcoming version of Mac OS Mountain Lion (OS X 10.8). Called Gatekeeper, the function will restrict the installation of downloaded applications based on their source. Think of it as a step-up on Microsoft’s Authenticode. Yet, is it more control for the user, or more control over the user? Also, will it really prevent malicious applications from being installed?
“In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn’t really very difficult to imagine it revoking third-party peripheral drivers in order to “secure” that experience… By 2014, I expect somebody out there will be jailbreaking their Mac…,” he wrote.
Moreover, Sophos’ Chester Wisniewski adds, Apple’s idea is sound, but the implementation is flawed.
“Gatekeeper is essentially a whitelisting technology bolted onto the blacklisting technology it introduced two versions ago. While this will clearly reduce the risk for users who primarily download all of their programs through popular browsers or the App Store, it only addresses the Trojan problem that has been the primary vehicle for delivering malware to OS X,” he said.
“This one time check, combined with the limitations of what files are scanned from which sources significantly weakens the usefulness of Gatekeeper. The second problem is a common one to all platforms, people. If a user wishes to install something and is blocked from doing so, they more often then not will override the block. It’s human nature,” he adds.