One of the main reasons many of us turned to Apple’s machines and its OS X operating system is the belief that the company’s software is more secure than Windows, its biggest rival. However, Eugene Kaspersky, CEO and co-founder of Kaspersky, one of the industry’s leading security specialists, believes that Apple is “10 years behind Microsoft in terms of security,” and that Apple needs to invest more in security audits for its software.
Apple uses digital certificates and code signing in various ways to help keep Macs secure. One common example is that apps sold through the Mac App Store are digitally signed, which allows an individual Mac to know that it’s getting the genuine article when a user launches the App Store app. It also allows a Mac to ensure that an application hasn’t been tampered with by a malicious user or a piece of malware each time that app is launched (Mountain Lion’s Gatekeeper feature will be based on the same technology).
The same process is used with Apple’s Software Update servers. Each update from Apple is digitally signed using a certificate that lets each Mac know that it’s getting genuine updates from Apple.
Digital certificates are designed to expire periodically, and tomorrow, March 23, 2012, the certificate associated with Apple’s Software Update functionality will expire. Apple already has a new certificate ready that won’t expire for seven more years (2019). The transition to the new certificate will be transparent for almost all Mac users, but it may create problems with some OS X Server installations.
One of the new features of OS X 10.8 Mountain Lion has been the addition of Gatekeeper. By only allowing apps to be installed from the Mac App Store, Mountain Lion’s Gatekeeper feature gives users a new level of security from malicious software.
Some users feel Gatekeeper is a sign that Apple is moving toward a completely closed desktop operating system that will only allow apps from the Mac App Store to be installed. Easing concerns about such a draconian move, Apple this afternoon announced the Developer ID program, which will help third-party developers distribute their apps safely outside of the Mac App Store.
Although Apple just announced OS X Mountain Lion last Thursday, Mac apps are already getting updated for compatibility with the next-gen OS. Mountain Lion is only available as a developer preview, but that hasn’t kept Smile from updating its popular PDF editor for the Mac, PDFpen, with Gatekeeper compatibility.
Smile makes great productivity apps for the Mac, like TextExpander. With this latest update to PDFpen, a Gatekeeper-friendly Developer ID has been added to help future Mountain Lion users install the app in a secure environment.
Apple hasn’t made the Mac App Store the only source for Mac software, but the company is nudging both developers and users in the store’s direction. That’s fine for consumers, but it may create problems for businesses that need to buy software in bulk and distribute it to a large number of Macs.
Apple has informed Mac developers that the deadline for sandboxing apps has been extended to June 1st. The date was postponed last November and set to take place on March 1st. Apple has been working on technical specifications for third-party developers since.
For those that are unfamiliar, “sandboxing” is essentially confining an app’s system access to its specific functions or entitlements, thereby hindering the possibility of an app behaving maliciously on a system level. Developers now have more time to appropriately implement sandboxing into their apps for the Mac App Store.
Mountain Lion’s Gatekeeper feature is designed to improve Mac security by harnessing the power of the Mac App Store and through a new developer program in which Apple will offer Developer IDs to members of its Mac Developer Program. Those IDs will let developers digitally sign their applications so that Mountain Lion Macs can verify an app’s authenticity and security before running it.
While this may seem like a new approach and an extension of the Mac App Store model, it’s actually based on technology that has been part of OS X since the release of Leopard.
Gatekeeper is one of the big new features in Mountain Lion. It’s designed to protect against malware by limiting what kinds of software get installed on your Mac. Gatekeeper offers Mac users three levels of security: Mac App Store purchases (which have been fully vetted by Apple), Developer ID apps purchased outside the Mac App Store that are digitally signed so your Mac can verify their authenticity via Apple, and apps from all other sources.
The Gatekeeper model looks great from the perspective of an individual user or family – easy to understand and use while being fairly effective at leveraging Apple’s developer program as a security solution. How it will stack up in business and enterprise environments, where mass deployments are commonplace, may be a different story.
One of the big headline features in Apple’s new Mountain Lion OS is Gatekeeper, designed to keep malware and other nasties away from your computer. So is this another step towards App Store-only software on Macs?
The short answer is yes, it is. But it doesn’t have to be. Gatekeeper gives you the choice: do you want to stick to App Store-only apps, or be able to install anything from anywhere?