Mountain Lion or fluffy kitten?
- {{x.value}}
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter verification code' }}
{{ completedStep1 ? 'Authentication & Security' : content.trialHeading.replace('{0}', user.FirstName) }}
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
We have sent you an email with the details of your registration.
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
- Verify your email address by clicking on the link we sent to {{user.Email}}
- You now have free access, we look forward to helping you on your financial journey.
Apple has announced enhanced security features in its upcoming OS X 10.8 Mountain Lion release.
The biggest change is a new function called Gatekeeper. Apple is finally introducing what appears to be a slightly more advanced version of Microsoft's Authenticode technology.
Apple will provide three options for Mountain Lion users: App Store only, App Store and applications with valid developer signatures or all software (current behavior).
This sounds like a pretty good idea to me, but unfortunately the implementation is flawed.
The first problem is that Apple is relying on the LSQuarantine technology used in their rudimentary integrated anti-virus known as XProtect.
This means Gatekeeper is essentially a whitelisting technology bolted onto the blacklisting technology it introduced two versions ago.
While this will clearly reduce the risk for users who primarily download all of their programs through popular browsers or the App Store, it only addresses the Trojan problem that has been the primary vehicle for delivering malware to OS X.
It's what Gatekeeper doesn't catch that might inspire budding criminal authors to take the next step in creating more advanced malware for OS X.
LSQuarantine only triggers on files downloaded from the internet that have been tagged by the application that downloaded it with the quarantine bit.
This means that files from USB drives, CD/DVD/BR or even network shares will all install and run without being screened.
Some applications that download from the internet like Bittorrent also do not flag downloads with the quarantine bit.
Gatekeeper code signing only applies to executable files, meaning anything that is not itself a Trojan like malicious PDFs, Flash, shell scripts and Java will still be able to be exploited without triggering a prompt.
File are only checked at the time they are initially executed, so if a rogue developer distributes a malicious app, Apple will need to revoke that certificate *before* the victim executes the download.
This one time check, combined with the limitations of what files are scanned from which sources significantly weakens the usefulness of Gatekeeper.
The second problem is a common one to all platforms, people. If a user wishes to install something and is blocked from doing so, they more often then not will override the block.
It's human nature. Yes, of course I want to install this pirated movie codec, or really snazzy screensaver. Apple's just warning me because they think I should pay $800 for this photo editing app.
Andrew Ludgate in SophosLabs pointed out that calling this feature Gatekeeper is a bit strange as well.
Going back nearly 20 years ago there was an anti-virus program for Mac called Gatekeeper.
Even the icon for the original Gatekeeper (hosted on mac.com none the less) has a remarkable similarity to Apple's new endeavor.
I think Apple is really on to something here if they implemented this feature in a more comprehensive manner. I give them an A for what they want to accomplish, but sadly only a D- on implementation.
Chester Wisniewski is a senior security advisor at Sophos Canada.
Call 1300 880 160
Start a chat
Schedule a call
