Security firms unimpressed with Apple's Gatekeeper

Security firms have poured cold water on features set for the forthcoming versions of Apple's Mac OS platform designed to protect users from malicious applications.

Apple's Gatekeeper tool will provide Mountain Lion users with options to control which applications are allowed on to the system.

Users will be given the option of restricting downloaded applications to those obtained from Apple's Mac App Store, ones that have been 'whitelisted' or to allow any downloaded applications to run.

But this approach only provides a partial degree of protection, Rik Ferguson, solutions architect, at Trend Micro.

“It's a good start,” he told V3, “but it is far from achieving what it sets out to do.”

For example, because the system for approving whitelisted applications relies on detecting signature code in downloaded files, it would provide little protection against applications installed from a USB key or ones obtained across a network, which do not contain that download signature, Ferguson added.

His comments were echoed by Graham Cluley, a senior technology consultant at Sophos.

“Gatekeeper code signing only applies to executable files, meaning anything that is not itself a Trojan like malicious PDFs, Flash, shell scripts and Java will still be able to be exploited without triggering a prompt,” he wrote on a company blog.

The issue of Mac security is always highly contentious, said Ferguson, with some pockets of Mac users steadfast in their view that malware writers seldom target the platform.

“Obviously, Apple recognises there is a potential risk, otherwise they wouldn't have introduced Gatekeeper,” he added.

Trend Micro has tracked a persistent rise the amount of malware targeted at Mac OS, and while still minuscule compared to the amount targeted at Windows, “we see the same criminal groups writing malware for both platforms,” Ferguson explained.

“You shouldn't assume those developing Mac-based malware are new to the game.”