I think it is the best solution I've found so far. As far as vendors go, I think Apple is better than most and I don't believe the recent ransomware is a sign that the Apple security model is broken - user on the other hand. Most vendors, including Apple, can probably improve their security model (actually, many vendors are really really bad - IoT, Modem and mobile phone vendors etc.) There are also some real problems with the current certificate model, but that's a whole other story. They will choose option 3 to install that new free game and then blame Apple when their data is encrypted with malware. All too often, people will emphasise freedom and flexibility and ignore security. Essentially, we have a play-off between freedom and security. Can there be a 100% safe solution - I don't think so and anything which claimed to be is either being dishonest or it would provide a system which was so locked down and inflexible, people would likely refuse to use it. Can Apple do better? Possibly, but we probably need to be careful what we wish for. Is the Apple store 100% safe? No, there have been instances of malware in the store. Is all of this good enough? Possibly not. You are also saying that you accept all the risk and it is all your responsibility. The 3rd option basically says you're not interested in Apple's view of who can and cannot be trusted and you will make up your own mind and install what software you want. However, I suspect that if someone was really diligent and actually looked at the certificate and verified it was for the developers who release the software, they would have found it was for some other developer and a red flag would be raised. To some extent, it shows the weakness of the certificate system - if developers do not protect their certificates sufficiently, then you are at risk. In the current case, the malware was distributed with a valid certificate, but the certificate was one stolen from another developer.
The problem here is that nobody ever bothers to verify that the certificate is not only valid, but it is the certificate used by the developers. The trust for these 3rd party developers is based on their software being signed with a valid certificate. You're saying I will trust the Apple store and other developers I trust. If you stick with the default, you're less likely to get malware (but there are no guarantees, just lower risk). The default is 1, which would have protected the user in this case as the software had to be installed from a 3rd party web site. Allow only from Apple Store and identified developers. Allow installation of only apps from the Apple store. OSX allows the user to choose from 3 options which impact the strength of the OSX Gatekeeper. Instead you would accept it as something which just happens from time to time because there is no such thing as full security. You would probably not call it "a huge security flaw" if it turns out that Mr. Mallory is a crook which tricked both you and Mr. Pear. Just compare this to real life where you trust some Mr. Mallory because your good friend Mr. Pear told you that this person is trustworthy. But this has associated costs which not everybody likes to pay and apart from that history shows that it is still possible to trick Apple into distributing software which later turns out to be malicious. Apple might try to restrict software distribution to their own Apple store only and heavily inspect each of the offered software. Apple limits at least the impact by revoking the certificate as soon as the problem is known. And as long as Apple trusts developers to sign their own software it is not possible to prevent the execution of harmful but signed software. Welcome to the internet where not everybody is friendly, same as in the world outside the internet. Apple could not have prevented the compromise of the server because the server is not under Apple's control.
Does this show a huge security flaw, in that a compromised server can easily distribute malicious binaries? How could Apple have prevented this from happening?