The following text is copyright 2012 by Network World, permission is hereby
given for reproduction, as long as attribution is given and this notice is
included.
Apple's Gatekeeper: A low cost for Partial security
By Scott Bradner
Out of the blue, Apple just announced Mountain Lion, the next generation of its
OS X operating system.
(http://www.networkworld.com/news/2012/021612-apple-mac-mountain-lion-256265.html?hpg1=bn)
By the time Mountain Lion ships sometime next summer, Apple says it will have
lots of new features, some transported from its iOS environment of the iPhone,
iPad and iPod Touch world. (http://www.apple.com/macosx/mountain-lion/) This
column will examine just one of the new features, one that, while good, has not
yet included all the functions of its iOS prototype.
The iOS operating system performs a validity check on each application before
the application is run. The check verifies that the application came from a
trusted source and has not been modified. In the case of iOS, the trusted source
must be the Apple iOS App Store. This check makes it much harder for the iOS
device to be corrupted by a rogue application introduced by a computer virus.
But it also locks the iOS device to only get new or updated applications from
the Apple-run App Store. In this way, Apple controls what you, the titular owner
of an iOS device, are permitted to run. With a collection of a half million
applications in the App Store, this control over the user has been more of a
theoretical, than a practical, problem.
Apple is now adding a poor man's version of this validity check to OS X in the
form of Gatekeeper. (http://www.apple.com/macosx/mountain-lion/security.html)
Gatekeeper does the same validity check as the iOS system does but Gatekeeper
only does the check when the application is first installed, and then only if
the application is downloaded over the Internet. As described, Gatekeeper will
be able to be run in three modes. The default mode will permit applications to
be installed from the OS X App Store (not to be confused with the iOS App Store)
and from developers who have registered with Apple as long as the applications
have not been modified since they were created. Gatekeeper will also be able to
be run in a stricter mode where it will only permit applications from the OS X
App Store to be installed or an open mode in which applications are not checked
before installation. The last mode is equivalent to the way OS X currently
operates -- you can install applications from anyone, including applications
from developers that Apple has never heard of.
The reaction to Apple's announcement has been decidedly mixed. On the security
side, some pundits seem to be from the branch of computer security that feels
that security is worthless unless it is perfect. These pundits dismiss
Gatekeeper as almost worse than worthless because it only does the validity
check when the software is installed. Checking only at the time of installation
will not discover software that gets modified after installation and does not
deal with the case where an application's bad behavior is only discovered later.
Performing the validity check every time the application is run will catch
modified applications and, because Apple can distribute a list of bad software
developers in real time, it can block applications newly discovered to be bad
from running. I think the security provided by Gatekeeper is worthwhile but I do
hope that Apple changes to a check-before-running from the current
check-when-installing operation before Mountain Lion is distributed.
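
The difference between check-when-installing and check-before-running, as a small Python model added here (it is not part of the original column and is not Apple's implementation). An HMAC stands in for a code signature, and the developer names, keys, `Machine` class and `scenario` function are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data: developer names and keys are made up for this model.
# An HMAC stands in for a real code signature.
DEV_KEYS = {"appstore": b"k-store", "dev-registered": b"k-dev"}

def sign(dev, code):
    return hmac.new(DEV_KEYS[dev], code, hashlib.sha256).hexdigest()

def valid(app, mode, revoked):
    """Validity check: source trusted for this mode, not revoked, not modified."""
    if mode == "open":                      # open mode: nothing is checked
        return True
    dev = app["dev"]
    if dev not in DEV_KEYS or dev in revoked:
        return False
    if mode == "strict" and dev != "appstore":
        return False
    return hmac.compare_digest(sign(dev, app["code"]), app["sig"])

class Machine:
    def __init__(self, mode="default", check_at_launch=False):
        self.mode, self.check_at_launch = mode, check_at_launch
        self.installed, self.revoked = {}, set()

    def install(self, name, app):
        ok = valid(app, self.mode, self.revoked)
        if ok:
            self.installed[name] = dict(app)
        return ok

    def launch(self, name):
        # Install-only checking lets every installed application run.
        app = self.installed[name]
        return not self.check_at_launch or valid(app, self.mode, self.revoked)

def scenario(check_at_launch):
    m = Machine(check_at_launch=check_at_launch)
    code = b"editor v1"
    app = {"dev": "dev-registered", "code": code, "sig": sign("dev-registered", code)}
    out = {"install": m.install("editor", app)}
    m.installed["editor"]["code"] = b"editor v1 + injected"  # modified after install
    out["launch_after_modification"] = m.launch("editor")
    m.installed["editor"]["code"] = code                     # original code again
    m.revoked.add("dev-registered")                          # developer later found bad
    out["launch_after_revocation"] = m.launch("editor")
    return out
```

`scenario(False)` lets both later launches through, while `scenario(True)` refuses the modified application and the one from the revoked developer.
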
The other area that some pundits have focused on is the one of lock in. They are
worried that this is the next step in a progression that would wind up with OS X
being as closed as iOS. While there is no current reason to think that is in
Apple's plans, it does bear watching.
By the way, it turns out that Apple included Gatekeeper in Lion - just use the
terminal command "sudo spctl --enable" to turn it on, and "sudo spctl --disable"
to turn it off.
Gatekeeper is only a step along the path to better OS X
security, but a useful one, as long as it is not also a step along a path to an
Apple-knows-best future.
disclaimer: I know of no one at Harvard who would
complain about improved security but I know of no university opinion on the
topic so the above is my own review.