Apple's new OS X tightens screws on some malware

Mountain Lion's default setting allows only approved Mac software to be installed


Apple will introduce a new Mac security model with OS X Mountain Lion this summer that by default lets users install only programs downloaded from the Mac App Store or those digitally signed by a registered developer.


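Some experts called Gatekeeper, Apple's name for the model and the technology behind it, a game changer, while others criticized it for not being tight enough.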

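Gatekeeper will block installation of the most common kind of Mac malware to date: Trojan horses unwittingly executed by users who have been tricked into downloading and installing fake software.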

Last year, several campaigns of "scareware," programs that posed as antivirus software but actually infected systems with attack code, made headlines. Apple responded to the scareware threat by repeatedly updating a rudimentary blocking list that debuted two years ago.

Apple even took the trouble during the skirmishing to issue a tool that scrubbed infected machines of the "Mac Defender" malware.

Mountain Lion, which Apple said Thursday will ship later this summer, uses a new mechanism to bar malicious applications from most Macs.

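By default, Mountain Lion lets users install only software downloaded from the Mac App Store, which Apple launched in January 2011, or software signed with certificates that Apple provides free of charge to registered developers.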

Because each digital certificate is tied to an individual developer or company, Apple will know who was responsible for, say, sneaking a malicious app by users, and be able to revoke the certificate and ban the developer from its program.

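Apple will not review these digitally signed third-party programs, but Gatekeeper lets the company retaliate against makers of malicious apps and, by revoking their certificates, block new installations and stifle a malware campaign at an early stage.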

Mountain Lion's Security & Privacy preferences screen also has options for tightening or loosening Gatekeeper's vigilance. If "Mac App Store" is selected, only software downloaded from Apple's mart can be installed; choosing "Anywhere" lets users install programs obtained from, well, anywhere. The latter is the wide-open model that Macs -- and Windows PCs -- have used since personal computing's infancy.

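In its default setting, Gatekeeper is a set-and-forget "whitelist," or list of approved programs, one that grows out of Apple's years of work on the OS X operating system. "It's like a giant whitelisting button," Andrew Storms, director of security at nCircle, said of Gatekeeper.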

Some security experts are very interested in Gatekeeper.

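Rich Mogull, a security consultant and former Gartner analyst, was one of them in a piece he wrote for the TidBITS blog Thursday. And in a more technical explanation on his company's blog, he argued that Gatekeeper would strike at hackers.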

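"Gatekeeper attacks the economics of widespread malware," Mogull said. "If most users use it, and it is the default setting, it is very likely to hurt the profitability of phishing-based Trojans."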

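Steven Frank, co-founder of Panic, a Mac application developer based in Portland, Ore., considers Gatekeeper a "pretty good compromise" between the lockdown model Apple uses in iOS, which some Mac developers fear will migrate to OS X and require all software to go through the Mac App Store, and the freedom to install anything found anywhere.

"We think Gatekeeper is a bold new feature that should do wonders for the security of your Mac for years to come," Frank wrote Thursday on Panic's blog.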

Others doubt that Gatekeeper can stop determined attackers.

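"Checking the signature the first time a downloaded program runs is not the same as iOS's mandatory code signing," Charlie Miller, principal research consultant at Denver-based security consultancy Accuvant and a noted Mac and iOS vulnerability researcher, said in a tweet yesterday.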

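Miller was referring to Gatekeeper's practice of checking a Mac application's certificate only once, when it is downloaded and before it is installed: if the certificate is invalid or has been revoked, the user cannot install the application. But applications that are already installed remain on the Mac and can keep running after Apple revokes the certificate.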

That's different from the code signing required of iOS apps, which prevents them from using unauthorized commands once they're downloaded and installed. (Miller knows code-signing: Last November, he demonstrated a bug in iOS that let him circumvent Apple's iOS App Store code signing.)

Chet Wisniewski, a security researcher who works for the U.K. antivirus company Sophos, pointed out that Gatekeeper will not get in the way of some malware attack tactics.

"[Because] Gatekeeper code signing only applies to executable files ... anything that is not itself a Trojan, like malicious PDFs, Flash, shell scripts and Java will still be able to be exploited without triggering a prompt," Wisniewski said on the Sophos blog late Thursday.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, send email to gkeizer@ix.netcom.com or subscribe to Gregg's RSS feed.


This article, "Apple's new OS X tightens screws on some malware," was originally published by Computerworld.


Copyright © 2012
