Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Let the right one in: Apple uses two doors to manage malware

Glenn Fleishman | Nov. 14, 2014
Two recent security incidents, WireLurker and Masque Attack, highlight both the ease and difficulty of slipping malware onto iOS. But they also show the way in which Apple may have infantilized its audience into not knowing the right choice to make when presented with a genuine security flaw.

Users need help to make smart choices

Which brings us to the crux. Mac OS X allows any arbitrary app to be installed, has been resistant to widespread malware, and provides paths that allow selective security for varying degrees of compliance with Apple's mandates. But most users require explanation to install unsigned apps unless they fully disable Gatekeeper, which is inadvisable. iOS resists installation of apps that aren't in the App Store, but seemingly gives naive users little information about making a good choice when faced with unexpected prompts.

It seems like Apple could tighten and loosen app security at once without compromising its intent or users. Relatively few users need to install ad hoc or enterprise apps, and it should provide clearer guidance in iOS — and maybe a way to turn off such installations without an additional security hoop being jumped over. Likewise, OS X could make it easier, or at least clearer, how to overcome Gatekeeper when one needs to.

But the experience with OS X and these two malware attempts should also provide guidance in loosening the reins of iOS. The two exploits are completely thwarted by the difficulty in obtaining enterprise certificates and the ease with which Apple may revoke such encryption documents. Cracking iOS open to add a Gatekeeper option for signed apps only that have verified information and of which user has to approve the installation and launch would still give Apple a way to shut malware down quickly.

Apple's unlikely to give up its rigid iOS control, but it's ironic that malware revealed how well OS X manages integrity, and how easily iOS could be extended to benefit users and developers alike.

 

Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.