Posted by: David Harley | May 2, 2010

Bulls, Horses, and the Mac App Whitelisting Rumour

Actually, it never occurred to me that a whitelisting model similar to the iPod/iPad model, where apps would have to be authorized by Apple and obtained through an approved channel like the App Store, might be under consideration.Such iDevices carry a lot of computing power, in some respects exceeding the potential of cheap netbooks, but there are many contexts in which power users and corporates will require a lot more choice than such an App Store would give them.

Apparently the rumour mill was, however, churning in that direction. So Mac developer Fernando Valente took the bull by the horns, as it were, went straight to the horse’s mouth – I said mouth – and mailed Steve Jobs to see if there was any truth in the story. And the answer came back “nope”. So that’s that.

But it got me thinking Dr. Alan Solomon, a leading figure in the early days of the antivirus field, has long talked about a semi-hypothetical OS model based on a flavour of Linux so locked down it would be barely usable for power users and IT professionals, but which would be a much safer experience for people whose requirements are less demanding. In fact, there have also been attempts to market “safe” Windows PCs using a protected system partition and a less protected data partition, for instance.

Mobility, physical footprint and telephony aside, doesn’t that population of people who aren’t particularly security-aware or even technology-aware closely resemble the market that’s likeliest to want a small device somewhere between an iPhone/iPod and an iPad/Kindle/netbook as their main computer? (Yes, I understand that we’re talking about quite a range of devices.)

If that’s so, perhaps a device a little closer to a netbook but still based on a paternalist App Store model would meet (most of) that need. As long, that is, as the provider was able to:

  1. Maintain the integrity of the model without letting applications through that started to pose some form of threat.
  2. Withstand the pressure to loosen the reins that’s bound to come from those who come to realize they want more choice than they’re given. (Jailbreaking happens for a reason.)
  3. Resist the temptation to assume that  it can maintain perfect security on behalf of its customers at all times, or else write off breaches as the customer’s fault.
  4. Take responsibility for the customer as well as for the system. Especially when it comes to misleading the customer into thinking he never has to think about his own security. (Read “social engineering target”…)

Congratulations to the iPad, by the way, on now being allowed into Israel…

David Harley FBCS CITP CISSP
Mac Virus
Small Blue-Green World
AVIEN Chief Operations Officer

Advertisements

Responses

  1. […] whitelisting has been brought up again. Those of you familiar with Marcus Ranum will know that he’s in favor of it. And I’ve […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: