With Gatekeeper, Apple promotes safe computing
I’m just going to come right out and say it: Mac and iPhone users are safer than Windows and Android users. There it is.
I can sense a tsunami of comments flooding in like never before, so allow me to explain what I mean.
There is vastly less malware (viruses, worms, botnets, etc.) on OS X and iOS than there is on Windows and, more recently, Android. We all acknowledge this. But many of you are saying that that doesn’t mean that Apple’s operating systems are more secure than Windows or Android. True. I didn’t say they’re more secure; I said they’re safer.
What else do you have to knock down that statement? Ah, yes, there’s less malware on OS X than on Windows because there are fewer Mac users than Windows users—the bad guys simply write their heinous ware for the larger market. To which I say: That may be at least partially true in the case of OS X vs. Windows, but it flies in the face of reason when it comes to iOS vs. Android.
So now you’re saying that the Android Markets are “free” and “open” vs. Apple’s heavy-handed curation of its App Store. And now we’re getting to an interesting discussion.
Apple users are safer for many reasons. We can talk about size of the Mac population vs. the Windows population, but I firmly believe the answer is far more complex than that (though I have no doubt that population size plays a role).
Apple’s decision to curate the App Store and the Mac App Store suggests to some that the company has become the Big Brother it once mocked . I don’t buy that. To me, it looks like part of a strategy for keeping its users safer. Another element of that strategy became evident with last week’s announcement of the next version of OS X, Mountain Lion, and its Gatekeeper feature .
For all intents and purposes, iOS has had a “Gatekeeper” implicitly in its inner workings since day one. Now, Apple is bringing that to the Mac as well. What is it? It’s a security subsystem that prevents unauthorized applications from being installed without the user’s explicit permission. In Mountain Lion, those applications can come from the Mac App Store, or they can be digitally signed by a registered Mac application developer. Other software—including malware and viruses—are forbidden from being installed.
I know what a good portion of Computerworld’s readership has to say about that sort of thing, though: I want more freedom as a user; I need to be able to do whatever I want with my computer. But Apple isn’t doing anything to take away such freedom from the population of technically inclined users. You can continue to do as you please, while the masses of less technically accomplished users get a bit of protection from malware. The power to do whatever you want on your computer is something that the vast majority of users wouldn’t want, seek or even know what to do with. And yet it’s exactly the sort of power we’ve been providing them for years and years in the PC industry.
The fact is that most users will make inappropriate choices when given options on what to install all the time. That happens not because they’re idiots, but because they don’t know the facts and their ramifications. They aren’t armed with the same knowledge that the techies have.
So for most users, Apple’s strategy is brilliant. The app stores for iOS and the Mac provide a curated environment to select a vast array of application software. Gatekeeper prevents unauthorized software from being installed.
That strategy has been working pretty well for Apple on iOS. It’s not perfect—nothing is. We’ve seen examples of the curation process failing. We’ve seen many examples of “jail breaking” software that can exploit an underlying software weakness and entirely circumvent the curation process.
But, by and large, the curated app stores have been doing a pretty good job at giving users what they really want: power to run what they need to do, and peace of mind in being reasonably safe from the malware and vermin that plague the Windows and Android worlds.
I say kudos to Apple for this. I also say that Apple needs to improve its curation processes and procedures, since it now has a whole lot of eggs in one basket. Mistakes in that one key portion of its process can and will have far-reaching ramifications, after all.
With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University’s CERT/CC, the U.S. Deptartment of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.